Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
6
Replies

i got mail blocked

sriramvaithianathan
Level 1
Level 1

‎02-15-2015 09:22 PM

i got mail from my printer authorized agent (both are private mail ID's).  but it has blocked due to that mail contains virus, blocked via Cisco appliance. how it has happened?  which one is that appliance? kindly answer it, i am very eager to know.

Labels:
0 Helpful
6 Replies 6

Mathew Huynh
Cisco Employee
Cisco Employee

‎02-15-2015 10:03 PM

Hello,

If you could review the message tracking logs on your ESA device.

GUI > Monitor > Message Tracking

Search and locate, then click on 'show details'

 

It will show you what type of viral definition was seen within the attachment and by which Virus scanner (if the ESA dropped it).

Or if you have content filters scanning to drop it.

 

Please review this and let us know if you have further questions.

 

You'll see something similar to:

---
Wed Feb  4 14:08:49 2015 Info: MID 144 interim AV verdict using Sophos VIRAL
Wed Feb  4 14:08:49 2015 Info: MID 144 antivirus positive 'Troj/Agent-AIRO'
Wed Feb  4 14:08:49 2015 Info: Message aborted MID 144 Dropped by antivirus

---

0 Helpful

sriramvaithianathan
Level 1
Level 1
In response to Mathew Huynh

‎02-15-2015 10:17 PM

sorry, i do not have device to view and show.  i am a end user.  and mail having the attachments.  so i need to know, what is the appliance that to block?  and how?

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to sriramvaithianathan

‎02-15-2015 10:19 PM

I'm afraid we cannot determine what may have caused the block of the email then.

If it was due to local content filters in place, or if the email contained something of spammy nature (false positive if it's a legitimate email) or if the attachment contained a virus.

 

These are the three aspects i believe that can block it, but without the tracking information we cannot determine this and can only assume one of the three scenarios.

 

Did you get any bounce replies to the email or did the private ID's receive any bounce replies if the ESA blocked it?

0 Helpful

sriramvaithianathan
Level 1
Level 1
In response to Mathew Huynh

‎02-15-2015 10:24 PM

which appliance is that to block email contains virus?

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to sriramvaithianathan

‎02-15-2015 10:29 PM

If your client or the domain is using a Cisco ESA device.

THey would have purchased either Sophos or McAfee license key for virus filtering.

0 Helpful

sriramvaithianathan
Level 1
Level 1
In response to Mathew Huynh

‎02-15-2015 10:37 PM

thank you, i will investigate it to my colleague.  once again thank you. 

how do we block facebook.com and youtube.com on cisco router 1941 ?

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents