Cisco Cisco Email Security Appliance C650 Guía Del Usuario
12-6
Cisco AsyncOS 9.1 for Email User Guide
Chapter 12 Anti-Virus
How to Configure the Appliance to Scan for Viruses
Programs, documents or email messages that carry a virus often have distinctive features. They might
attempt unprompted modification of files, invoke mail clients, or use other means to replicate
themselves. The engine analyzes the program code to detect these kinds of computer instructions. The
engine also searches for legitimate non-virus-like behavior, such as prompting the user before taking
action, and thereby avoids raising false alarms.
attempt unprompted modification of files, invoke mail clients, or use other means to replicate
themselves. The engine analyzes the program code to detect these kinds of computer instructions. The
engine also searches for legitimate non-virus-like behavior, such as prompting the user before taking
action, and thereby avoids raising false alarms.
By using these techniques, the engine can detect many new viruses.
When a Virus is Found
When a virus has been detected, McAfee can repair (disinfect) the file. McAfee can usually repair any
file in which a virus has been found, after which the file can be used without risk. The precise action
taken depends on the virus.
file in which a virus has been found, after which the file can be used without risk. The precise action
taken depends on the virus.
Occasionally, there can be limitations when it comes to disinfecting files because it is not always
possible to return a file to its original state. Some viruses overwrite part of the executable program which
cannot be reinstated. In this instance, you define how to handle messages with attachments that could
not be repaired. You configure these settings on a per-recipient basis using the Email Security Feature:
the Mail Policies > Incoming or Outgoing Mail Policies pages (GUI) or the
possible to return a file to its original state. Some viruses overwrite part of the executable program which
cannot be reinstated. In this instance, you define how to handle messages with attachments that could
not be repaired. You configure these settings on a per-recipient basis using the Email Security Feature:
the Mail Policies > Incoming or Outgoing Mail Policies pages (GUI) or the
policyconfig -> antivirus
command (CLI). For more information on configuring these settings, see
How to Configure the Appliance to Scan for Viruses
Related Topics
•
•
•
•
•
Table 12-1
How to Scan Messages for Viruses
Do This
More Info
Step 1
Enable anti-virus scanning on the Email
Security appliance.
Security appliance.
Step 2
Define the groups of users whose messages you
want to scan for viruses.
want to scan for viruses.
Step 3
(Optional) Configure how you want the virus
quarantine to handle messages.
quarantine to handle messages.
Step 4
Determine how you want the appliance to
handle messages with viruses.
handle messages with viruses.
Step 5
Configure the anti-virus scanning rules for the
user groups you defined.
user groups you defined.
Step 6
(Optional) Send an email message to test the
configuration.
configuration.