
Antivirus and AMP scan consulting

may-ye
Level 1

ESA performs antivirus and AMP scans for both the message body and attachments. The customer was intercepted by antivirus due to attachments before, so now we need help to confirm the following problems:

1. When antivirus scans the message body, will the scan result also be marked as Repair, Unscannable, and Encrypted?

2. If the antivirus result is Unscannable or Encrypted and the message continues to be delivered, does the AMP scan result remain unchanged?

Accepted Solutions

UdupiKrishna
Cisco Employee

AV repair action is enforced on the infected attachment (not the message body) as long as the engine is configured with "scan and repair" under message scanning settings.

Unscannable is when AV reaches its configured scanning timeout (default 60 secs for Sophos), regardless of whether it's just the message body or message body + attachment.

Encrypted detection is when AV is not able to complete a scan due to encrypted contents (PGP or S/MIME). Additionally, an email is considered encrypted by AV if it simply contains an encrypted attachment (txt, doc, ppt, etc.).

Speaking about the 2nd question, AMP will scan according to the policy settings regardless of whether AV considered a message unscannable or encrypted.

 


2 Replies


Thanks for your support, I got it.