Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 12: Anti-Virus
  Sophos Anti-Virus Filtering
Evaluation Key
Your Cisco appliance ships with a 30-day evaluation key for each available anti-virus scanning engine. 
You enable the evaluation key by accessing the license agreement in the System Setup Wizard or 
Security Services > Sophos/McAfee Anti-Virus pages (in the GUI) or running the antivirusconfig or 
systemsetup commands (in the CLI). Once you have accepted the agreement, the Anti-Virus scanning 
engine will be enabled, by default, for the default incoming and outgoing mail policies. For information 
on enabling the feature beyond the 30-day evaluation period, contact your Cisco sales representative. 
You can see how much time remains on the evaluation via the System Administration > Feature Keys 
page or by issuing the featurekey command. (For more information, see 
Scanning Messages with Multiple Anti-Virus Scanning Engines
AsyncOS supports scanning messages with multiple anti-virus scanning engines — multi-layer 
anti-virus scanning. You can configure your Cisco appliance to use one or both of the licensed anti-virus 
scanning engines on a per mail policy basis. You could create a mail policy for executives, for example, 
and configure that policy to scan mail with both Sophos and McAfee engines.
Scanning messages with multiple scanning engines provides “defense in depth” by combining the 
benefits of both Sophos and McAfee anti-virus scanning engines. Each engine has leading anti-virus 
capture rates, but because each engine relies on a separate base of technology (discussed in 
 an
) for detecting viruses, the 
multi-scan approach can be even more effective. Using multiple scanning engines can lead to reduced 
system throughput; please contact your Cisco support representative for more information.
You cannot configure the order of virus scanning. When you enable multi-layer anti-virus scanning, the 
McAfee engine scans for viruses first, and the Sophos engine scans for viruses second. If the McAfee 
engine determines that a message is virus-free, the Sophos engine scans the message, adding a second 
layer of protection. If the McAfee engine determines that a message contains a virus, the Cisco appliance 
skips Sophos scanning and performs actions on the virus message based on settings you configured. 
Sophos Anti-Virus Filtering
The Cisco appliance includes integrated virus-scanning technology from Sophos, Plc. Sophos 
Anti-Virus provides cross-platform anti-virus protection, detection and disinfection. 
Sophos Anti-Virus provides a virus detection engine that scans files for viruses, Trojan horses, and 
worms. These programs come under the generic term of malware, meaning “malicious software.” The 
similarities between all types of malware allow anti-virus scanners to detect and remove not only viruses, 
but also all types of malicious software. 
Related Topics