User Guide for Cisco Email Security Appliance C170

Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 9: Anti-Virus
) for detecting viruses, 
the multi-scan approach can be even more effective. Using multiple scanning
engines can lead to reduced system throughput; please contact your IronPort
support representative for more information.
You cannot configure the order of virus scanning. When you enable multi-layer 
anti-virus scanning, the McAfee engine scans for viruses first, and the Sophos 
engine scans for viruses second. If the McAfee engine determines that a message 
is virus-free, the Sophos engine scans the message, adding a second layer of 
protection. If the McAfee engine determines that a message contains a virus, the 
IronPort appliance skips Sophos scanning and performs actions on the virus 
message based on settings you configured. 
Sophos Anti-Virus Filtering
The IronPort appliance includes integrated virus-scanning technology from 
Sophos, Plc. Sophos Anti-Virus provides cross-platform anti-virus protection, 
detection and disinfection. 
Sophos Anti-Virus provides a virus detection engine that scans files for viruses, 
Trojan horses, and worms. These programs come under the generic term of 
malware, meaning “malicious software.” The similarities between all types of 
malware allow anti-virus scanners to detect and remove not only viruses, but also 
all types of malicious software. 
Virus Detection Engine
The Sophos virus detection engine lies at the heart of the Sophos Anti-Virus 
technology. It uses a proprietary architecture similar to Microsoft’s COM 
(Component Object Model), consisting of a number of objects with well-defined 
interfaces. The modular filing system used by the engine is based on separate, 
self-contained dynamic libraries each handling a different “storage class,” for 
example, file type. This approach allows virus scanning operations to be applied 
on generic data sources, irrespective of type.
Specialized technology for loading and searching data enables the engine to 
achieve very fast scanning speeds. Incorporated within it are:
a full code emulator for detecting polymorphic viruses