04-26-2016 07:11 AM
We are in the process of hardening our email security by implementing best practices on Cisco ESA (content filters, SPF, etc.).
We were testing Cross-Site Scripting (XSS) and noticed that emails that contain malicious XSS scripts and are opened from a web mail portal are not stopped by Cisco IronPort.
Is this feature supported, before all? Maybe through AMP, if it runs the page in a sandbox? Or is it limited to attachments?
04-26-2016 07:53 AM
Hi Ali,
There is a bug report open regarding XSS; you can check the following link:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut87743/?reffering_site=dumpcr
From the bug report, both AsyncOS version 9.1.0-040 and AsyncOS version 9.1.1-023 are known fixed releases.
What AsyncOS version are you running on your appliance?
And regarding the AMP feature, it does file reputation and file analysis on the attachments in the e-mail. You can check the following link for a list of the supported files:
http://www.cisco.com/c/dam/en/us/td/docs/security/content_security/content_security_general/Content-security-file-reputation-and-analysis-criteria.pdf
Regards,
Raed