AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 12: Anti-Virus

Anti-Virus Scanning Overview
Sophos Anti-Virus Filtering
McAfee Anti-Virus Filtering
How to Configure the Appliance to Scan for Viruses
Sending an Email to the Appliance to Test Anti-Virus Scanning
Updating Virus Definitions

Anti-Virus Scanning Overview

The Cisco appliance includes integrated virus scanning engines from the third-party companies Sophos and
McAfee. You can obtain license keys for the Cisco appliance to scan messages for viruses using one or
both of these virus scanning engines, and then configure your appliance to scan for viruses using either
anti-virus scanning engine.

The McAfee and Sophos engines contain the program logic necessary to scan files at particular points,
process and pattern-match virus definitions with data they find in your files, decrypt and run virus code
in an emulated environment, apply heuristic techniques to recognize new viruses, and remove infectious
code from legitimate files.

You can configure the appliance to scan messages for viruses (based on the matching incoming or
outgoing mail policy), and, if a virus is found, to perform different actions on the message (including
“repairing” the message of viruses, modifying the subject header, adding an additional X-header,
sending the message to an alternate address or mailhost, archiving the message, or deleting the message).

If enabled, virus scanning is performed in the “work queue” on the appliance, immediately after
Anti-Spam scanning. (See Email Pipeline and Security Services, page 4-7.)

By default, virus scanning is enabled for the default incoming and outgoing mail policies.

Related Topics
Evaluation Key
Scanning Messages with Multiple Anti-Virus Scanning Engines