Incoming policy to match encrypted email

sanjumathen
Level 4

hi,

The action in the default policy is to quarantine Encrypted Messages.

There is a requirement to deliver encrypted messages from a specific Sender (aaa@example.com) to a Recipient (bbb@test.com).

Created an incoming policy which matches this sender, and Antivirus policy is set to deliver encrypted messages.

How can we restrict this policy to be applicable only for messages from aaa@example.com to bbb@test.com?

And have any encrypted message from aaa@example.com to any other recipients to be quarantined

regards

Accepted Solutions

David Miller
Level 1

You could set up a policy that applies to sender aaa@example.com where the AV policy for encrypted messages is to deliver, and set the X-IronPort-AV header in the AV policy. Then create a content filter that applies to that policy that looks for the AV header and if the recipient is not bbb@test.com then quarantine the message. I can't remember the value of the X-IronPort-AV header if the message is encrypted, but it should be in the logs or in the header of the received message. Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED]) and look for that subject prefix in the content filter. Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).
