Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-9
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
•
Select the actions that AsyncOS must perform if an attachment is considered Unscannable.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Select the following:
–
Whether to deliver or drop the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to warn the end user by modifying the message subject, for example, [WARNING:
ATTACHMENT(S) MAY CONTAIN MALWARE].
ATTACHMENT(S) MAY CONTAIN MALWARE].
–
Whether to add a custom header to provide granular controls to the administrator.
•
Select the actions that AsyncOS must perform if an attachment is considered Malicious. Select the
following:
following:
–
Whether to deliver or drop the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to deliver the message after removing the malware attachments.
–
Whether to warn the end user by modifying the message subject, for example, [WARNING:
MALWARE DETECTED IN ATTACHMENT(S)].
MALWARE DETECTED IN ATTACHMENT(S)].
–
Whether to add a custom header to provide granular controls to the administrator.
•
Select the actions that AsyncOS must perform if an attachment is sent for File Analysis. Select the
following:
following:
–
Whether to deliver or quarantine the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to warn the end user by modifying the message subject, for example, “
[WARNING:
ATTACHMENT(S) MAY CONTAIN MALWARE]
.”
–
Whether to add a custom header to provide granular controls to the administrator.
Step 4
Submit and commit your changes.
Quarantining Messages with Attachments Sent for Analysis
You can configure the appliance to quarantine files sent for analysis instead of releasing them
immediately to the workqueue. Quarantined messages and their attachments are rescanned for threats
upon release from quarantine. If the message is released after file analysis results are available to the
reputation scanner, any identified threats will be caught during rescanning.
immediately to the workqueue. Quarantined messages and their attachments are rescanned for threats
upon release from quarantine. If the message is released after file analysis results are available to the
reputation scanner, any identified threats will be caught during rescanning.
Procedure
Step 1
Select Mail Policies > Incoming Mail Policies.