Solved: Re: Ironport cisco esa

ccna_security · ‎06-20-2019

Dear all. while reading ironport esa documentation I faced recommended option by cisco as follow.

Maxsimum message size to scan 3M

So, what about hackers send malicious email that's capacity is more than 3M?Will it not be scanned? That fake email will send to users directly without scanning?

Please if possible explain me

Ken Stieers · ‎06-20-2019

No. I'm reasonably sure that the reason they pick 3 meg is that the VAST majority of dirty files they see are less than 3meg. Like on the order of one in trillions.
But I'm paranoid.

View solution in original post

Ken Stieers · ‎06-20-2019

Yes, if a file is 4 meg itnwont get scanned by the engine in question.

Personally, I turn it up... you may take a performance hit. I'm not worried about that.

ccna_security · ‎06-20-2019

Thank you for prompt answer. frankly I did the same as you. turned up message scanning size. and will keep that setting.

I want to know your approach to this. Don't you think cisco recommendation that suggest users to set 3M maximum for scanning could lead to catastrophe. I am sure that cisco also has thought that viruse could be made more than 3M and wouldn't be scanned by ironport

Ken Stieers · ‎06-20-2019

No. I'm reasonably sure that the reason they pick 3 meg is that the VAST majority of dirty files they see are less than 3meg. Like on the order of one in trillions.
But I'm paranoid.

ccna_security · ‎06-21-2019

thanks you for discussion