Cisco Cisco Email Security Appliance C650 Guía Del Usuario
16-4
Cisco AsyncOS 9.1 for Email User Guide
Chapter 16 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Archive or Compressed File Processing
If the file is compressed or archived,
•
Reputation of the compressed or archive file is evaluated.
•
The compressed or archive file is decompressed and reputations of all the extracted files are
evaluated.
evaluated.
For information about which archived and compressed files are examined, including file formats, see
File Criteria for Advanced Malware Protection Services for Cisco Content Security Products, available
from
File Criteria for Advanced Malware Protection Services for Cisco Content Security Products, available
from
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-user-guide-list.html
In this scenario,
•
If one of the extracted files is malicious, the file reputation service returns a verdict of Malicious for
the compressed or the archive file.
the compressed or the archive file.
•
If the compressed or archive file is malicious and all the extracted files are clean, the file reputation
service returns a verdict of Malicious for the compressed or the archive file.
service returns a verdict of Malicious for the compressed or the archive file.
•
If the verdict of any of the extracted files is unknown, the extracted files are optionally (if configured
and the file type is supported for file analysis) sent for file analysis.
and the file type is supported for file analysis) sent for file analysis.
•
If the extraction of a file fails while decompressing a compressed or an archive file, the file
reputation service returns a verdict of Unscannable for the compressed or the archive file. Keep in
mind that, in this scenario, if one of the extracted files is malicious, the file reputation service returns
a verdict of Malicious for the compressed or the archive file (Malicious verdict takes precedence
over Unscannable verdict).
reputation service returns a verdict of Unscannable for the compressed or the archive file. Keep in
mind that, in this scenario, if one of the extracted files is malicious, the file reputation service returns
a verdict of Malicious for the compressed or the archive file (Malicious verdict takes precedence
over Unscannable verdict).
Note
Reputation of the extracted files with safe MIME types, for example, text/plain, are not
evaluated.
evaluated.
FIPS Compliance
File reputation scanning and file analysis are FIPS compliant.
Configuring File Reputation and Analysis Features
•
•
•
•
•
•
•
•
•
•