Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
17-13
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Sending Notifications to End Users about Dropped Messages or Attachments
To send notifications to end users when a suspect attachment or its parent message has been dropped
based on file reputation scanning, use an X-header or Custom Header and Content Filters.
based on file reputation scanning, use an X-header or Custom Header and Content Filters.
Advanced Malware Protection and Clusters
If you use centralized management, you can enable Advanced Malware Protection and mail policies at
the cluster, group and machine level.
the cluster, group and machine level.
Feature keys must be added at the machine level.
Ensuring That You Receive Alerts About Advanced Malware Protection Issues
Ensure that the appliance is configured to send you alerts related to Advanced Malware Protection.
You will receive alerts when:
Header Name
Possible Values
(Case Sensitive)
(Case Sensitive)
Description
X-Amp-Result Clean
Malicious
Unscannable
Verdict applied to messages processed by the
file reputation service.
file reputation service.
X-Amp-Original-Verdict
file unknown
verdict unknown
Verdict before adjustment based on reputation
threshold. This header exists only if the
original verdict is one of the possible values.
threshold. This header exists only if the
original verdict is one of the possible values.
X-Amp-File-Uploaded
true
false
If any file attached to a message was sent for
analysis, this header is "true."
analysis, this header is "true."
Alert Description
Type
Severity
Feature keys expire
(As is standard for all features)
The file reputation or file analysis service is unreachable.
Anti-Virus and AMP
Warning
Communication with cloud services is established.
Anti-Virus and AMP
Info
The reputation and analysis engine is restarted by a
watchdog service
watchdog service
Anti-Virus and AMP
Info
A file reputation verdict changes.
Anti-Virus and AMP
Info
File types that can be sent for analysis have changed. You
may want to enable upload of new file types.
may want to enable upload of new file types.
Anti-Virus and AMP
Info
Analysis of some file types is temporarily unavailable.
Anti-Virus and AMP
Warning
Analysis of all supported file types is restored after a
temporary outage.
temporary outage.
Anti-Virus and AMP
Info