Cisco Cisco Email Security Appliance C160 Mode D'Emploi
12-14
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 12 Anti-Virus
How to Configure the Appliance to Scan for Viruses
You enable anti-virus actions on a per-recipient basis using Incoming or Outgoing Mail Policies. You
can configure mail policies in the GUI or in the CLI using the
can configure mail policies in the GUI or in the CLI using the
policyconfig > antivirus
command.
After you enable anti-virus settings globally, you configure these actions separately for each mail policy
you create. You can configure different actions for different mail policies.
you create. You can configure different actions for different mail policies.
Procedure
Step 1
Navigate to the Mail Policies > Incoming Mail Policies or Mail Policies > Outgoing Mail Policies page.
Step 2
Click the link for the anti-virus security service for the policy you want to configure.
Note
Click the link in the default row to edit the settings for the default policy.
Step 3
Click Yes or Use Default to enable Anti-Virus Scanning for the policy.
The first setting on the page defines whether the service is enabled for the policy. You can click Disable
to disable the service altogether.
to disable the service altogether.
For mail policies other than the default, choosing “Yes” enables the fields in the Repaired, Encrypted,
Unscannable, and Virus Infected Messages areas to become active.
Unscannable, and Virus Infected Messages areas to become active.
Step 4
Select an Anti-Virus scanning engine. You can select McAfee or Sophos engines.
Step 5
Configure Message Scanning settings.
See
for more information.
Step 6
Configure settings for Repaired, Encrypted, Unscannable, and Virus Infected messages.
See
.
Step 7
Click Submit.
Step 8
Commit your changes.
Notes on Anti-Virus Configurations
The drop attachments flag makes a considerable difference in how anti-virus scanning works. When the
system is configured to “Drop infected attachments if a virus is found and it could not be repaired,” any
viral or unscannable MIME parts are removed from messages. The output from Anti-Virus scanning,
then, is almost always a clean message. The action defined for Unscannable Messages, as shown in the
GUI pane, rarely takes place.
system is configured to “Drop infected attachments if a virus is found and it could not be repaired,” any
viral or unscannable MIME parts are removed from messages. The output from Anti-Virus scanning,
then, is almost always a clean message. The action defined for Unscannable Messages, as shown in the
GUI pane, rarely takes place.
In a “Scan for Viruses only” environment, these actions “clean” messages by dropping the bad message
parts. Only if the RFC822 headers themselves are attacked or encounter some other problem would this
result in the unscannable actions taking place. However, when Anti-Virus scanning is configured for
“Scan for Viruses only” and “Drop infected attachments if a virus is found and it could not be repaired,”
is not chosen, the unscannable actions are very likely to take place.
parts. Only if the RFC822 headers themselves are attacked or encounter some other problem would this
result in the unscannable actions taking place. However, when Anti-Virus scanning is configured for
“Scan for Viruses only” and “Drop infected attachments if a virus is found and it could not be repaired,”
is not chosen, the unscannable actions are very likely to take place.