Cisco Cisco Email Security Appliance X1070 Guida Utente
17-12
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
•
Select the actions that the appliance must perform if an attachment is considered Unscannable.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Attachments are considered Unscannable when the appliance is unable to obtain information from
the file reputation service for any reason, for example because the connection timed out.
Select the following:
–
Whether to deliver or drop the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to warn the end user by modifying the message subject, for example, [WARNING:
ATTACHMENT(S) MAY CONTAIN MALWARE].
ATTACHMENT(S) MAY CONTAIN MALWARE].
–
Whether to add a custom header to provide granular controls to the administrator.
•
Select the actions that the appliance must perform if an attachment is considered Malicious. Select
the following:
the following:
–
Whether to deliver or drop the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to deliver the message after removing the malware attachments.
–
Whether to warn the end user by modifying the message subject, for example, [WARNING:
MALWARE DETECTED IN ATTACHMENT(S)].
MALWARE DETECTED IN ATTACHMENT(S)].
–
Whether to add a custom header to provide granular controls to the administrator.
•
Select the actions that the appliance must perform if an attachment is sent for File Analysis. Select
the following:
the following:
–
Whether to deliver or quarantine the message.
–
Whether to archive the original message. Archived messages are stored as an mbox-format log
file in the
file in the
amparchive
directory on the appliance. The preconfigured AMP Archive
(
amparchive
) log subscription is required.
–
Whether to warn the end user by modifying the message subject, for example, “
[WARNING:
ATTACHMENT(S) MAY CONTAIN MALWARE]
.”
–
Whether to add a custom header to provide granular controls to the administrator.
•
Configure the remedial actions to be performed on messages delivered to end users when the threat
verdict changes to malicious. Select Enable Mailbox Auto Remediation and select one of the
following actions:
verdict changes to malicious. Select Enable Mailbox Auto Remediation and select one of the
following actions:
–
Forward to an email address. Select this option to forward the message with malicious
attachment to a specified user, for example, an email administrator.
attachment to a specified user, for example, an email administrator.
–
Delete the message. Select this option to permanently delete the message with malicious
attachment from the end user’s mailbox.
attachment from the end user’s mailbox.
–
Forward to an email address and delete the message. Select this option to forward the message
with malicious attachment to a specified user, for example, an email administrator and
permanently delete that message from the end user’s mailbox.
with malicious attachment to a specified user, for example, an email administrator and
permanently delete that message from the end user’s mailbox.
Note
Messages from certain folders (for example, Deleted Items) cannot be deleted as Office 365
services do not support deletion of messages from these folders.
services do not support deletion of messages from these folders.