Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or 
protected field in the message. Messages that are marked encrypted may also be repaired.

Note the differences between the encryption detection message filter rule (see 

) and the virus scanning actions for “encrypted” messages. The encrypted message filter 

rule evaluates to “true” for any messages that are PGP or S/MIME encrypted. The encrypted rule can 
only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or 
Microsoft Word and Excel documents that include encrypted content. The virus scanning engine 
considers any message or attachment that is password protected to be “encrypted.” 

If you upgrade from a 3.8 or earlier version of AsyncOS and you configured Sophos Anti-Virus 
scanning, you must configure the Encrypted Message Handling section after you upgrade.

Messages are considered unscannable if a scanning timeout value has been reached, or the engine 
becomes unavailable due to an internal error. Messages that are marked unscannable may also be 
repaired.

The system may be unable to drop the attachment or completely repair a message. In these cases, you 
can configure how the system handles messages that could still contain viruses. 

The configuration options are the same for encrypted messages, unscannable messages, and virus 
messages.

Choose which overall action to take on each message type for encrypted, unscannable, or virus positive 
messages: drop the message, deliver the message as an attachment to a new message, deliver the message 
as is, or send the message to the anti-virus quarantine area (

Configuring the appliance to deliver the infected messages as an attachment to a new message allows the 
recipient to choose how to deal with the original, infected attachment.