Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
12-7
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 12 Anti-Virus
How to Configure the Appliance to Scan for Viruses
Step 6
Submit and commit your changes.
What To Do Next
Configure anti-virus settings on a per-recipient basis. See
.
Configuring Virus Scanning Actions for Users
The virus scanning engine integrated into the Cisco appliance processes messages for viruses for
incoming and outgoing mail based on policies (configuration options) you configure using the Email
Security Manager feature. You enable Anti-Virus actions on a per-recipient basis using the Email
Security Feature: the Mail Policies > Incoming or Outgoing Mail Policies pages (GUI) or the
incoming and outgoing mail based on policies (configuration options) you configure using the Email
Security Manager feature. You enable Anti-Virus actions on a per-recipient basis using the Email
Security Feature: the Mail Policies > Incoming or Outgoing Mail Policies pages (GUI) or the
policyconfig > antivirus
command (CLI).
Message Scanning Settings
•
Scan for Viruses Only:
Messages processed by the system are scanned for viruses. Repairs are not attempted for infected
attachments. You can choose whether to drop attachments and deliver mail for messages that contain
viruses or could not be repaired.
attachments. You can choose whether to drop attachments and deliver mail for messages that contain
viruses or could not be repaired.
•
Scan and Repair Viruses:
Messages processed by the system are scanned for viruses. If a virus is found in an attachment, the
system will attempt to “repair” the attachment.
system will attempt to “repair” the attachment.
•
Dropping Attachments
You can choose to drop infected attachments.
When infected attachments to messages have been scanned and dropped by the anti-virus scanning
engine, the attachment is replaced with a new attachment called “Removed Attachment.” The
attachment type is text/plain and contains the following:
engine, the attachment is replaced with a new attachment called “Removed Attachment.” The
attachment type is text/plain and contains the following:
Users will always be notified if their messages were modified in any way because they were infected
with a bad attachment. You can configure a secondary notification action, as well (see
with a bad attachment. You can configure a secondary notification action, as well (see
). The notify action is not needed to inform users that a message was
modified if you choose to drop infected attachments.
•
X-IronPort-AV Header
All messages that are processed by the Anti-Virus scanning engine on the appliance have the header
X-IronPort-AV:
added to messages. This header provides additional information to you when
debugging issues with your anti-virus configuration, particularly with messages that are considered
“unscannable.” You can toggle whether the X-IronPort-AV header is included in messages that are
scanned. Including this header is recommended.
“unscannable.” You can toggle whether the X-IronPort-AV header is included in messages that are
scanned. Including this header is recommended.
This attachment contained a virus and was stripped.
Filename: filename
Content-Type: application/filetype