Cisco Cisco Email Security Appliance C160 用户指南
9-13
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 9 Anti-Virus
All messages that are processed by the Anti-Virus scanning engine on the
appliance have the header
appliance have the header
X-IronPort-AV:
added to messages. This header
provides additional information to you when debugging issues with your
anti-virus configuration, particularly with messages that are considered
“unscannable.” You can toggle whether the X-IronPort-AV header is included
in messages that are scanned. Including this header is recommended.
anti-virus configuration, particularly with messages that are considered
“unscannable.” You can toggle whether the X-IronPort-AV header is included
in messages that are scanned. Including this header is recommended.
Message Handling Settings
You configure the virus scanning engine to handle four distinct classes of
messages that are received by a listener, with separate actions for each.
messages that are received by a listener, with separate actions for each.
summarizes the actions the system performs when the virus scanning engine is
enabled. See also
enabled. See also
and
for the GUI configuration.
For each of the following message types, you can choose which actions are
performed. The actions are described below (see
performed. The actions are described below (see
). For example, you can configure your
anti- virus settings for virus-infected messages so that the infected attachment is
dropped, the subject of the email is modified, and a custom alert is sent to the
message recipient.
dropped, the subject of the email is modified, and a custom alert is sent to the
message recipient.
Repaired Message Handling
Messages are considered repaired if the message was completely scanned and all
viruses have been repaired or removed. These messages will be delivered as is.
viruses have been repaired or removed. These messages will be delivered as is.
Encrypted Message Handling
Messages are considered encrypted if the engine is unable to finish the scan due
to an encrypted or protected field in the message. Messages that are marked
encrypted may also be repaired.
to an encrypted or protected field in the message. Messages that are marked
encrypted may also be repaired.
Note the differences between the encryption detection message filter rule (refer to
“Encryption Detection Rule” in the “Using Message Filters to Enforce Email
Policies” chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide) and the virus scanning actions for “encrypted” messages.
The encrypted message filter rule evaluates to “true” for any messages that are
PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME
“Encryption Detection Rule” in the “Using Message Filters to Enforce Email
Policies” chapter of the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide) and the virus scanning actions for “encrypted” messages.
The encrypted message filter rule evaluates to “true” for any messages that are
PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME