Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

All messages that are processed by the Anti-Virus scanning engine on the 
appliance have the header 

X-IronPort-AV:

 added to messages. This header 

provides additional information to you when debugging issues with your 
anti-virus configuration, particularly with messages that are considered 
“unscannable.” You can toggle whether the X-IronPort-AV header is included 
in messages that are scanned. Including this header is recommended.

You configure the virus scanning engine to handle four distinct classes of 
messages that are received by a listener, with separate actions for each. 

summarizes the actions the system performs when the virus scanning engine is 
enabled. See also 

 and 

 for the GUI configuration. 

For each of the following message types, you can choose which actions are 
performed. The actions are described below (see 

). For example, you can configure your 

anti- virus settings for virus-infected messages so that the infected attachment is 
dropped, the subject of the email is modified, and a custom alert is sent to the 
message recipient.

Messages are considered repaired if the message was completely scanned and all 
viruses have been repaired or removed. These messages will be delivered as is.

Messages are considered encrypted if the engine is unable to finish the scan due 
to an encrypted or protected field in the message. Messages that are marked 
encrypted may also be repaired.

Note the differences between the encryption detection message filter rule (refer to 
“Encryption Detection Rule” in the “Using Message Filters to Enforce Email 
Policies” chapter of the Cisco IronPort AsyncOS for Email Advanced 
Configuration Guide) and the virus scanning actions for “encrypted” messages. 
The encrypted message filter rule evaluates to “true” for any messages that are 
PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME