Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
17-13
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 4
Submit and commit your changes.
Quarantining Messages with Attachments Sent for Analysis
You can configure the appliance to quarantine files sent for analysis instead of releasing them
immediately to the workqueue. Quarantined messages and their attachments are rescanned for threats
upon release from quarantine. If the message is released after file analysis results are available to the
reputation scanner, any identified threats will be caught during rescanning.
immediately to the workqueue. Quarantined messages and their attachments are rescanned for threats
upon release from quarantine. If the message is released after file analysis results are available to the
reputation scanner, any identified threats will be caught during rescanning.
Step 1
Select Mail Policies > Incoming Mail Policies.
Step 2
Click the link in the Advanced Malware Protection column of the mail policy to modify.
Step 3
Under Messages with File Analysis Pending section, select Quarantine from the Action Applied to
Message drop-down.
Message drop-down.
The quarantined messages are stored in the File Analysis quarantine. See
.
Step 4
(Optional) Under Messages with File Analysis Pending section, choose the following options:
•
Whether to archive the original message. Archived messages are stored as an mbox-format log file
in the
in the
amparchive
directory on the appliance. The preconfigured AMP Archive (
amparchive
) log
subscription is required.
•
Whether to warn the end user by modifying the message subject, for example, “
[WARNING:
ATTACHMENT(S) MAY CONTAIN MALWARE]
.”
•
Whether to add a custom header to provide granular controls to the administrator.
Step 5
Submit and commit your changes.
Related Topics
•
•
Using the File Analysis Quarantine
•
•
Edit File Analysis Quarantine Settings
Step 1
Select Monitor > Policy, Virus, and Outbreak Quarantines.
Step 2
Click the File Analysis quarantine link.
Step 3
Specify the retention period.