Solved: AMP Headers

sdonovan123 · ‎09-06-2017

I am looking to create a content filter that detecteds header for postive APM messages and send them to a quaratine. Would you be able to provide what the header looks like with a postive APM verdict?

Thanks!

dmccabej · ‎09-06-2017

Hello,

It sounds like maybe the X-Amp-Result: MALICIOUS header is what you're looking for. Here are some examples :

X-Amp-Result: CLEAN
X-Amp-Result: MALICIOUS
X-Amp-Result: UNKNOWN
X-Amp-Result: UNSCANNABLE

Hope that helps!

Thanks!

-Dennis M.

View solution in original post

Ken Stieers · ‎09-06-2017

In the amp config, you can set a custom header, and then do whatever you need to based on it. You probably want to "deliver as is", maybe drop the malware

sdonovan123 · ‎09-06-2017

Thanks for the info. Isn't there already a default header that is included? Thats what I am looking for.

Ken Stieers · ‎09-06-2017

I don't get infected mail (we drop the message), so I don't know...

dmccabej · ‎09-06-2017

Hello,

It sounds like maybe the X-Amp-Result: MALICIOUS header is what you're looking for. Here are some examples :

X-Amp-Result: CLEAN
X-Amp-Result: MALICIOUS
X-Amp-Result: UNKNOWN
X-Amp-Result: UNSCANNABLE

Hope that helps!

Thanks!

-Dennis M.