AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 29 Tracking Messages
Searching for Messages
Option: Description

Envelope Sender
  Select Begins With, Is, or Contains, then enter an email address, username, or domain of a message sender to find.
  You can enter any character(s). No validation of your entry is performed.

Envelope Recipient
  Select Begins With, Is, or Contains, and enter an email address, username, or domain of a message recipient to find.
  You can enter any character(s). No validation of your entry is performed.

Subject
  Select Begins With, Is, or Contains, and enter a text string to search for in the message subject line.
  Warning: Do not use this type of search in environments where regulations prohibit such tracking.

Message Received
  Specify a date and time range.
  If you do not specify a date, the query returns data for all dates. If you specify a time range only, the query returns data for that time range across all available dates.
  Use the local date and time that the message was received by the Email Security appliance.

Advanced options:

Sender IP Address / Domain / Network Owner
  Specify the IP address, domain, or network owner of a remote host.
  You can search within rejected connections only or search all messages.

Attachment
  Select Begins With, Is, or Contains, and enter an ASCII or Unicode text string for one attachment to find. Leading and trailing spaces are not stripped from the text you enter.
  You can search for messages by attachment filenames only if you have performed:
  - Body scan using a message filter
  - Body scan using a content filter
  - Advanced Malware Protection (AMP) scan.
  For more information about identifying files based on SHA-256 hash, see Identifying Files by SHA-256 Hash, page 16-11.

Message Event
  Select one or more message processing events. For example, you can search for messages that have been delivered, quarantined, or hard bounced.
  Message events are added with an “OR” operator: Selecting multiple events finds messages that match any of the conditions you specify.

Message ID Header
  Enter a text string for the SMTP Message-ID header.
  This RFC 822 message header uniquely identifies each email message. It is inserted in the message when the message is first created.

Cisco IronPort MID
  Enter a message number to search for. An IronPort MID uniquely identifies each email message on the Email Security appliance.

Query Settings
  Change the default query timeout and maximum number of results to return.