Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 12      Anti-Virus
  McAfee Anti-Virus Filtering
configure these settings on a per-recipient basis using the Email Security Feature: the Mail Policies > Incoming or Outgoing Mail Policies pages (GUI) or the policyconfig -> antivirus command (CLI).
For more information on configuring these settings, see 
.
McAfee Anti-Virus Filtering
The McAfee® scanning engine:
Scans files by pattern-matching virus signatures with data from your files. 
Decrypts and runs virus code in an emulated environment. 
Applies heuristic techniques to recognize new viruses. 
Removes infectious code from files. 
Pattern-Matching Virus Signatures
McAfee uses anti-virus definition (DAT) files with the scanning engine to detect particular viruses, types 
of viruses, or other potentially unwanted software. Together, they can detect a simple virus by starting 
from a known place in a file, then searching for a virus signature. Often, they must search only a small 
part of a file to determine that the file is free from viruses.
Encrypted Polymorphic Virus Detection
Complex viruses avoid detection with signature scanning by using two popular techniques:
Encryption. The data inside the virus is encrypted so that anti-virus scanners cannot see the messages or computer code of the virus. When the virus is activated, it converts itself into a working version, then executes.
Polymorphism. This process is similar to encryption, except that when the virus replicates itself, it changes its appearance.
To counteract such viruses, the engine uses a technique called emulation. If the engine suspects that a 
file contains such a virus, the engine creates an artificial environment in which the virus can run 
harmlessly until it has decoded itself and its true form becomes visible. The engine can then identify the 
virus by scanning for a virus signature, as usual.
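The anchored signature search and the decode-then-rescan idea described above, as an added sketch that is not McAfee engine code or part of the Cisco guide. The signature name, the harmless marker string, the toy "ENC" container and the single-byte XOR decoding (standing in for real emulation) are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    start: int   # known place in the file where the search begins
    window: int  # number of bytes searched from that place

# Constructed signature for a harmless marker string (not a real DAT entry).
SIGNATURES = [Signature("Test.Marker.A", b"HARMLESS-TEST-MARKER", 4, 64)]

def scan(data, signatures=SIGNATURES):
    """Signature scan: look only inside each signature's anchored window."""
    return [s.name for s in signatures
            if s.pattern in data[s.start:s.start + s.window]]

def emulate(data):
    """Stand-in for emulation: apply the decoding step the sample would
    perform on itself. Toy container: b'ENC' + 1-byte XOR key + encoded body."""
    if data[:3] != b"ENC":
        return data  # nothing suggests an encoded body
    key = data[3]
    return data[:4] + bytes(b ^ key for b in data[4:])

def scan_with_emulation(data):
    """Scan as-is; if nothing matches, decode and scan the true form."""
    return scan(data) or scan(emulate(data))

def make_sample(body, key=None):
    """Build constructed test input: plain (key=None) or XOR-encoded."""
    if key is None:
        return b"PLN\x00" + body
    return b"ENC" + bytes([key]) + bytes(b ^ key for b in body)

BODY = b"\x90\x90 HARMLESS-TEST-MARKER trailing bytes"
PLAIN = make_sample(BODY)
VARIANT_1 = make_sample(BODY, key=0x5A)  # same body, different appearance
VARIANT_2 = make_sample(BODY, key=0xC3)

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("variant 1", VARIANT_1),
                          ("variant 2", VARIANT_2)]:
        print(label, scan(sample), scan_with_emulation(sample))
```

The two encoded variants share no bytes in their bodies, so the plain signature scan misses both, while the decoded form matches the same single signature.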
Heuristics Analysis
Using only virus signatures, the engine cannot detect a new virus because its signature is not yet known. 
Therefore the engine can use an additional technique — heuristic analysis.