Cisco Cisco Email Security Appliance C160 Mode D'Emploi
12-9
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 12 Anti-Virus
How to Configure the Appliance to Scan for Viruses
Encrypted Message Handling
Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or
protected field in the message. Messages that are marked encrypted may also be repaired.
protected field in the message. Messages that are marked encrypted may also be repaired.
Note the differences between the encryption detection message filter rule (see
) and the virus scanning actions for “encrypted” messages. The encrypted message filter
rule evaluates to “true” for any messages that are PGP or S/MIME encrypted. The encrypted rule can
only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or
Microsoft Word and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or
Microsoft Word and Excel documents that include encrypted content. The virus scanning engine
considers any message or attachment that is password protected to be “encrypted.”
Note
If you upgrade from a 3.8 or earlier version of AsyncOS and you configured Sophos Anti-Virus
scanning, you must configure the Encrypted Message Handling section after you upgrade.
scanning, you must configure the Encrypted Message Handling section after you upgrade.
Unscannable Message Handling
Messages are considered unscannable if a scanning timeout value has been reached, or the engine
becomes unavailable due to an internal error. Messages that are marked unscannable may also be
repaired.
becomes unavailable due to an internal error. Messages that are marked unscannable may also be
repaired.
Virus Infected Message Handling
The system may be unable to drop the attachment or completely repair a message. In these cases, you
can configure how the system handles messages that could still contain viruses.
can configure how the system handles messages that could still contain viruses.
The configuration options are the same for encrypted messages, unscannable messages, and virus
messages.
messages.
Configuring Settings for Message Handling Actions
•
•
•
•
•
•
•
•
•
Action to Apply
Choose which overall action to take on each message type for encrypted, unscannable, or virus positive
messages: drop the message, deliver the message as an attachment to a new message, deliver the message
as is, or send the message to the anti-virus quarantine area (
messages: drop the message, deliver the message as an attachment to a new message, deliver the message
as is, or send the message to the anti-virus quarantine area (
Configuring the appliance to deliver the infected messages as an attachment to a new message allows the
recipient to choose how to deal with the original, infected attachment.
recipient to choose how to deal with the original, infected attachment.