Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 8.5.6 for Email User Guide
 
Chapter 16      File Reputation Filtering and File Analysis
  Configuring File Reputation and Analysis Features
| Header Name | Possible Values (Case Sensitive) | Description |
|---|---|---|
| X-Amp-Result | Clean, Malicious, Unscannable | Verdict applied to messages processed by the file reputation service. |
| X-Amp-Original-Verdict | file unknown, verdict unknown | Verdict before adjustment based on reputation threshold. This header exists only if the original verdict is one of the possible values. |
| X-Amp-File-Uploaded | true, false | If any file attached to a message was sent for analysis, this header is "true." |

Values are case-sensitive.

Sending Notifications to End Users about Dropped Messages or Attachments

To send notifications to end users when a suspect attachment or its parent message has been dropped based on file reputation scanning, use an X-header or Custom Header and Content Filters. See a similar configuration example at

Advanced Malware Protection and Clusters

If you use centralized management, you can enable Advanced Malware Protection and mail policies at the cluster, group and machine level.

Feature keys must be added at the machine level.

Ensuring That You Receive Alerts

Ensure that the appliance is configured to send you alerts related to Advanced Malware Protection. You will receive alerts when:

| Alert Description | Type | Severity |
|---|---|---|
| Feature keys expire | (As is standard for all features) | |
| The file reputation service is unreachable | System | Warning |
| The file analysis service is unreachable | System | Warning |
| A file reputation verdict changes | System | Info |
| The reputation and analysis engine is restarted by a watchdog service | System | Info |
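
The X-Amp-* headers listed on this page can also be checked by a downstream mail-processing script. The following is an added example, not code from the Cisco guide or from AsyncOS: it validates each header against the documented values with exact, case-sensitive matching. The function name, the action names and the triage policy are assumptions of this example, and the sample messages are constructed.

```python
from email import message_from_string

# Header names and allowed values copied from the table on this page.
AMP_HEADERS = {
    "X-Amp-Result": {"Clean", "Malicious", "Unscannable"},
    "X-Amp-Original-Verdict": {"file unknown", "verdict unknown"},
    "X-Amp-File-Uploaded": {"true", "false"},
}

def amp_triage(raw_message):
    """Return (action, details). Action names are this example's own."""
    msg = message_from_string(raw_message)
    seen, problems = {}, []
    for name, allowed in AMP_HEADERS.items():
        values = [v.strip() for v in msg.get_all(name, [])]
        if len(values) > 1:
            # Several copies of one header are ambiguous: do not pick one.
            problems.append(f"{name}: {len(values)} copies")
        elif values and values[0] not in allowed:
            # Set membership is an exact match, so "malicious" != "Malicious".
            problems.append(f"{name}: unexpected value {values[0]!r}")
        elif values:
            seen[name] = values[0]
    if problems:
        return "review", problems
    result = seen.get("X-Amp-Result")
    if result is None:
        return "not-scanned", seen
    if result == "Malicious":
        return "notify-recipient", seen
    if result == "Unscannable" or seen.get("X-Amp-File-Uploaded") == "true":
        return "hold-for-analysis", seen
    return "deliver", seen

# Constructed sample messages, not real appliance output.
_BASE = "From: sender@example.com\nTo: user@example.org\nSubject: invoice\n"
SAMPLES = {
    "malicious": _BASE + "X-Amp-Result: Malicious\nX-Amp-File-Uploaded: false\n\nbody\n",
    "wrong_case": _BASE + "X-Amp-Result: malicious\n\nbody\n",
    "uploaded": _BASE + "X-Amp-Result: Clean\nX-Amp-Original-Verdict: file unknown\n"
                        "X-Amp-File-Uploaded: true\n\nbody\n",
    "no_headers": _BASE + "\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, amp_triage(raw))
```

A value that differs only in case is sent to review rather than treated as a verdict, which mirrors the case-sensitivity the table states.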