Руководство Пользователя для Cisco Cisco Email Security Appliance C170
Chapter 9 Anti-Virus
9-302
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Anti-Virus Scanning
You can configure your IronPort appliance to scan for viruses using the McAfee
or Sophos anti-virus scanning engines.
or Sophos anti-virus scanning engines.
The McAfee and Sophos engines contain the program logic necessary to scan files
at particular points, process and pattern-match virus definitions with data they
find in your files, decrypt and run virus code in an emulated environment, apply
heuristic techniques to recognize new viruses, and remove infectious code from
legitimate files.
at particular points, process and pattern-match virus definitions with data they
find in your files, decrypt and run virus code in an emulated environment, apply
heuristic techniques to recognize new viruses, and remove infectious code from
legitimate files.
Evaluation Key
Your IronPort appliance ships with a 30-day evaluation key for each available
anti-virus scanning engine. You enable the evaluation key by accessing the license
agreement in the System Setup Wizard or Security Services > Sophos/McAfee
Anti-Virus pages (in the GUI) or running the
anti-virus scanning engine. You enable the evaluation key by accessing the license
agreement in the System Setup Wizard or Security Services > Sophos/McAfee
Anti-Virus pages (in the GUI) or running the
antivirusconfig
or
systemsetup
commands (in the CLI). Once you have accepted the agreement, the Anti-Virus
scanning engine will be enabled, by default, for the default incoming and outgoing
mail policies. For information on enabling the feature beyond the 30-day
evaluation period, contact your IronPort sales representative. You can see how
much time remains on the evaluation via the System Administration > Feature
Keys page or by issuing the
scanning engine will be enabled, by default, for the default incoming and outgoing
mail policies. For information on enabling the feature beyond the 30-day
evaluation period, contact your IronPort sales representative. You can see how
much time remains on the evaluation via the System Administration > Feature
Keys page or by issuing the
featurekey
command. (For more information, see the
section on working with feature keys in “Common Administrative Tasks” in the
Cisco IronPort AsyncOS for Email Daily Management Guide).
Cisco IronPort AsyncOS for Email Daily Management Guide).
Multi-Layer Anti-Virus Scanning
AsyncOS supports scanning messages with multiple anti-virus scanning engines
— multi-layer anti-virus scanning. You can configure your IronPort appliance to
use one or both of the licensed anti-virus scanning engines on a per mail policy
basis. You could create a mail policy for executives, for example, and configure
that policy to scan mail with both Sophos and McAfee engines.
— multi-layer anti-virus scanning. You can configure your IronPort appliance to
use one or both of the licensed anti-virus scanning engines on a per mail policy
basis. You could create a mail policy for executives, for example, and configure
that policy to scan mail with both Sophos and McAfee engines.
Scanning messages with multiple scanning engines provides “defense in depth”
by combining the benefits of both Sophos and McAfee anti-virus scanning
engines. Each engine has leading anti-virus capture rates, but because each engine
relies on a separate base of technology (discussed in
by combining the benefits of both Sophos and McAfee anti-virus scanning
engines. Each engine has leading anti-virus capture rates, but because each engine
relies on a separate base of technology (discussed in