User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

321

322

323

324

325

326

327

328

329

330

12-11

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 12 Anti-Virus

How to Configure the Appliance to Scan for Viruses

The default text is:

Any message with multiple states causes a multi-part notification message informing users what actions

the appliance performed on the message (for example, the user is notified that the message was repaired

of a virus, but another part of the message was encrypted).

Archive Original Message

You can archive messages the system has identified as containing (or possibly containing) viruses to the

“avarchive” directory. The format is an mbox-format log file. You must configure an “Anti-Virus

Archive” log subscription to archive messages with viruses or messages that could not be completely

scanned. For more information, see Chapter 38, “Logging.”

Note In the GUI, you may need to click the “Advanced” link to reveal the “Archive original message” setting.

Sending Notifications

When the system has identified a message as containing viruses, you can send the default notification to

the sender, the recipient, and/or additional users. When specifying additional users to notify, separate

multiple addresses with commas (in both the CLI and the GUI). The default notification messages are:

Add Custom Header to Message

You can define an additional, custom header to be added to all messages that are scanned by the

anti-virus scanning engine. Click Yes and define the header name and text.

You can also create filters that use the

skip-viruscheck action so that certain messages bypass virus

scanning. See Bypass Anti-Virus System Action, page 9-72.

Table 12-2 Default Subject Line Text for Anti-Virus Subject Line Modification

Verdict Default Text to Add to Subject

Encrypted

[WARNING: MESSAGE ENCRYPTED]

Infected [WARNING: VIRUS DETECTED]

Repaired [WARNING: VIRUS REMOVED]

Unscannable [WARNING: A/V UNSCANNABLE]

Table 12-3 Default Notifications for Anti-Virus Notifications

Verdict Notification

Repaired The following virus(es) was detected in a mail message: <virus name(s)>

Actions taken: Infected attachment dropped (or Infected attachment repaired).

Encrypted The following message could not be fully scanned by the anti-virus engine due to

encryption.

Unscannable The following message could not be fully scanned by the anti-virus engine.

Infectious The following unrepairable virus(es) was detected in a mail message: <virus

name(s)>.