cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1720
Views
0
Helpful
3
Replies

How to interpret this warning on ESA C170

vesk01
Beginner
Beginner

Hello guys,

on our ESA C170 we get this error message:

Warning Directory Attack Prevention
Potential Virus Attack detected
Expiry of a KEY in 190 days

How to interpret it and what actions are needed?

Thanks,

Vesko

1 Accepted Solution

Accepted Solutions

Libin Varghese
Cisco Employee
Cisco Employee

Hi Vesko,

The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.

Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html

For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.

Both are information messages.

To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html

Thank You!
Libin Varghese

View solution in original post

3 Replies 3

Libin Varghese
Cisco Employee
Cisco Employee

Hi Vesko,

The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.

Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html

For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.

Both are information messages.

To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html

Thank You!
Libin Varghese

Thanks a lot

For the record, NDR stands for Non-Delivery Report (NDR) in this context.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: