Cisco Cisco Email Security Appliance C160 用户指南

scanning works. When the system is configured to “Drop infected attachments if 
a virus is found and it could not be repaired,” any viral or unscannable MIME 
parts are removed from messages. The output from Anti-Virus scanning, then, is 
almost always a clean message. The action defined for Unscannable Messages, as 
shown in the GUI pane, rarely takes place. 

In a “Scan for Viruses only” environment, these actions “clean” messages by 
dropping the bad message parts. Only if the RFC822 headers themselves are 
attacked or encounter some other problem would this result in the unscannable 
actions taking place. However, when Anti-Virus scanning is configured for “Scan 
for Viruses only” and “Drop infected attachments if a virus is found and it could 
not be repaired,” is not chosen, the unscannable actions are very likely to take 
place. 

 lists some common Anti-Virus configuration options. 

Drop-attachments: NO 

Scanning: Scan-Only 

Cleaned messages: Deliver 

Unscannable messages: DROP message 

Encrypted messages: Send to administrator or 
quarantine for review.

Viral messages: Drop message

Drop-attachments: YES 

Scanning: Scan and Repair 

Cleaned messages: [VIRUS REMOVED] and Deliver 

Unscannable messages: Forward as attachment 

Encrypted messages: Mark and forward

Viral messages: Quarantine or mark and forward.