Anti-Virus engine Sophos. Interim verdict: ENCRYPTED means? ESA C670.

bsrinu001
Level 1

Hi Team,

I would like to know "Anti-Virus engine Sophos. Interim verdict: ENCRYPTED"

scanned by Anti-Virus engine. Found encrypted ---log says/ DCID has been generated and delivered to intended recipient as well

Note: The sending IPs/domain has been whitelisted on our ESA's.

Means the attachment has been delivered, right? Is there any malfunction at ESA? Please clarify.

dmccabej
Cisco Employee

Hello,

This log would mean that the Sophos engine scanned and found the message to be encrypted. For the behavior of what happens next, this can be configured under Mail Policies --> Incoming/Outgoing Mail Policies --> Anti-Virus --> Encrypted Messages.

Sophos AV defines an encrypted message as the following (found in Online Help):

Encrypted Message Handling

Messages are considered encrypted if the engine is unable to finish the scan due to an encrypted or protected field in the message. Messages that are marked encrypted may also be repaired.

Note the differences between the encryption detection message filter rule (see Encryption Detection Rule) and the virus scanning actions for “encrypted” messages. The encrypted message filter rule evaluates to “true” for any messages that are PGP or S/MIME encrypted. The encrypted rule can only detect PGP and S/MIME encrypted data. It does not detect password protected ZIP files, or Microsoft Word and Excel documents that include encrypted content. The virus scanning engine considers any message or attachment that is password protected to be “encrypted.”

 

Thanks!

-Dennis M.
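
The distinction quoted from Online Help above, sketched as an added example (not part of the reply, and not Cisco or Sophos code): a content-type check that approximates the PGP/S/MIME-only filter rule, next to a ZIP check that reads the encryption flag a password-protected archive carries. All function names and both sample messages are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Content types that mark PGP or S/MIME bodies (RFC 3156, RFC 8551).
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted",
                   "application/pkcs7-mime", "application/x-pkcs7-mime"}

def filter_rule_encrypted(msg):
    """Rough stand-in for the 'encrypted' filter rule: PGP or S/MIME only."""
    return any(p.get_content_type() in ENCRYPTED_TYPES for p in msg.walk())

def password_protected_zips(msg):
    """Filenames of ZIP attachments with an entry whose encryption flag (bit 0) is set."""
    hits = []
    for part in msg.walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                hits.append(part.get_filename())
    return hits

def make_flagged_zip():
    """Constructed sample: a plain ZIP with the encryption flag forced on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    raw[6] |= 0x1                            # flags in the local file header
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x1  # flags in the central directory
    return bytes(raw)

def sample_zip_mail():
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(make_flagged_zip(), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg

def sample_smime_mail():
    msg = EmailMessage()
    msg.set_content(b"constructed placeholder", maintype="application",
                    subtype="pkcs7-mime", filename="smime.p7m")
    return msg

if __name__ == "__main__":
    for m in (sample_zip_mail(), sample_smime_mail()):
        print(filter_rule_encrypted(m), password_protected_zips(m))
```

The ZIP sample is missed by the content-type check and caught by the flag check, which matches the gap the help text describes between the filter rule and the virus scanning engine.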