Showing results for 
Search instead for 
Did you mean: 

Report of Outgoing Messages NOT Scanned

Hey All,


I was wondering if there's a way to run a report of all outgoing messages that were NOT scanned by either anti-virus or DLP or anything. We had a major DLP incident and it was not caught because the file size was too large and it skipped the scan.


Looking for a way to find these messages so we can go back and look into those to see if there were any other incidents.


Environment: Cisco M300V running version 11.1.0-131


Thank you so much!

Cisco Employee

Re: Report of Outgoing Messages NOT Scanned

There is no report but if you are syslogging the mail_logs off box you could run something to look for the Message to Large indicators and create a report. Other than that you'd have to grep the logs that are being stored off-box for the same.


Re: Report of Outgoing Messages NOT Scanned

Thanks Tom,


Would that be the same if we wanted a report of all attachments over 5MB? Since that's the limit, maybe a work-a-round would be to search by message/file size? I appreciate the input!

Cisco Employee

Re: Report of Outgoing Messages NOT Scanned

Since you can’t specifically set a Content Filter on attachment size but you can on message size which includes body + attachment I would suggest add a content filter as a condition and then the action is add Log Entry and then you can search for the log entry.

The other alternative is a Message Filter which does support attachment-size rule. Refer to the User Guide for Message Filter processing. Keep in mind Message Filters happen before spam scanning so you could end up with some log entries that get dropped due to spam scanning and other engines.


Re: Report of Outgoing Messages NOT Scanned

Thank you for your help, Tom! It's much appreciated. I'll go back to our security team and let them know!

CreatePlease to create content
Content for Community-Ad
Blog-Cisco Community Designated VIP Class of 2019