Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

If the file is compressed or archived,

Reputation of the compressed or archive file is evaluated.

The compressed or archive file is decompressed and reputations of all the extracted files are 
evaluated.

For information about which archived and compressed files are examined, including file formats, see 
File Criteria for Advanced Malware Protection Services for Cisco Content Security Products, available 
from 

In this scenario,

If one of the extracted files is malicious, the file reputation service returns a verdict of Malicious for 
the compressed or the archive file.

If the compressed or archive file is malicious and all the extracted files are clean, the file reputation 
service returns a verdict of Malicious for the compressed or the archive file.

If the verdict of any of the extracted files is unknown, the extracted files are optionally (if configured 
and the file type is supported for file analysis) sent for file analysis.

If the extraction of a file fails while decompressing a compressed or an archive file, the file 
reputation service returns a verdict of Unscannable for the compressed or the archive file. Keep in 
mind that, in this scenario, if one of the extracted files is malicious, the file reputation service returns 
a verdict of Malicious for the compressed or the archive file (Malicious verdict takes precedence 
over Unscannable verdict).

Reputation of the extracted files with safe MIME types, for example, text/plain, are not 
evaluated.

File reputation scanning and file analysis are FIPS compliant.