Block attachment file with hidden attachment

rockbd
Level 1

Dear All

Recently I found out that the mail gateway is getting some mail which has an attachment, and within that attachment there are some hidden links. If you click that link, it will take you to another link where a .js or .exe file will be downloaded. Is there any way to block this type of mail via IronPort?

The sample is attached with the mail.

Libin Varghese
Cisco Employee

Hi,

The anti-spam, Sophos and AMP scanning engines should ideally detect and block attachments containing malicious content.

Creating a manual filter for the same would probably be more along the lines of attachment-contains http or https, which could lead to a lot of false positives.

My recommendation would be to ensure AMP is enabled and to submit any missed samples to TAC.

The PDF provided is currently triggering as malicious on the AMP sandbox due to its JavaScript and executable content.

Thank You!
Libin Varghese
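
Added example (not part of the thread and not Cisco's code): a small Python sketch of why a filter that matches any http/https string in an attachment over-matches, compared with looking for the JavaScript and executable-link indicators mentioned in the reply above. The sample bytes, marker list and function names are constructed for illustration, and this is not how AMP classifies files.

```python
import re

# PDF name tokens that indicate active content (assumed marker list for this example).
ACTIVE_MARKERS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/EmbeddedFile")
URL_RE = re.compile(rb"https?://[^\s()<>]+", re.I)
# Link targets whose path ends in a script or executable extension.
RISKY_EXT_RE = re.compile(rb"\.(js|jse|vbs|scr|exe)(\?|$)", re.I)

# Constructed samples: an ordinary PDF link annotation, and a PDF with an
# auto-run action, a JavaScript object and a link to a .js download.
BENIGN = (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
          b"/A << /S /URI /URI (https://www.example.com/annual-report) >> >> endobj\n")
SUSPICIOUS = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n"
              b"3 0 obj << /A << /S /URI /URI (http://files.example.invalid/invoice.js) >> >> endobj\n")

def naive_match(data: bytes) -> bool:
    """Equivalent of 'attachment contains http or https'."""
    return bool(URL_RE.search(data))

def triage(data: bytes) -> dict:
    """Report active-content markers and links that point at script/executable files."""
    urls = URL_RE.findall(data)
    # The lookahead stops /JS from matching inside longer names.
    markers = [m for m in ACTIVE_MARKERS
               if re.search(re.escape(m) + rb"(?![A-Za-z])", data)]
    risky = [u for u in urls if RISKY_EXT_RE.search(u)]
    return {"urls": len(urls), "active": markers, "risky_links": risky,
            "suspicious": bool(markers or risky)}

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, "naive:", naive_match(sample), "triage:", triage(sample))
```

Both samples match the naive URL rule, but only the second carries active content. Raw byte matching like this misses markers inside compressed streams or hex-escaped names, which is one reason sandbox analysis is the recommended control.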

I should have informed you earlier that I am new to IronPort management.

So I don't understand what you mean by "My recommendation would be to ensure AMP is enabled and to submit any missed samples to TAC."

How can I enable AMP and TAC?

AMP File reputation and File Analysis services are licensed separately so if not already purchased you would need to reach out to your reseller or accounts team to obtain licenses for this feature.

The configuration and working of AMP is explained in the end user guides.

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa10-0/ESA_10-0_User_Guide.pdf

- Libin V