Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
Chapter 9 Anti-Virus
9-314
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Encrypted Message Handling
Messages are considered encrypted if the engine is unable to finish the scan due
to an encrypted or protected field in the message. Messages that are marked
encrypted may also be repaired.
to an encrypted or protected field in the message. Messages that are marked
encrypted may also be repaired.
Note the differences between the encryption detection message filter rule (refer to
“Encryption Detection Rule” in the “Using Message Filters to Enforce Email
Policies” chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide) and the virus scanning actions for “encrypted” messages.
The encrypted message filter rule evaluates to “true” for any messages that are
PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME
encrypted data. It does not detect password protected ZIP files, or Microsoft Word
and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
“Encryption Detection Rule” in the “Using Message Filters to Enforce Email
Policies” chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide) and the virus scanning actions for “encrypted” messages.
The encrypted message filter rule evaluates to “true” for any messages that are
PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME
encrypted data. It does not detect password protected ZIP files, or Microsoft Word
and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
Note
If you upgrade from a 3.8 or earlier version of AsyncOS and you configured
Sophos Anti-Virus scanning, you must configure the Encrypted Message
Handling section after you upgrade.
Sophos Anti-Virus scanning, you must configure the Encrypted Message
Handling section after you upgrade.
Unscannable Message Handling
Messages are considered unscannable if a scanning timeout value has been
reached, or the engine becomes unavailable due to an internal error. Messages that
are marked unscannable may also be repaired.
reached, or the engine becomes unavailable due to an internal error. Messages that
are marked unscannable may also be repaired.
Virus Infected Message Handling
The system may be unable to drop the attachment or completely repair a message.
In these cases, you can configure how the system handles messages that could still
contain viruses.
In these cases, you can configure how the system handles messages that could still
contain viruses.
The configuration options are the same for encrypted messages, unscannable
messages, and virus messages.
messages, and virus messages.