|Product Support||Talos Support||Cisco Support||Reference +||Current Release|
|Gateway||Reputation Lookup||Open a support case||Secure Email Guided Setup|
|Cloud Gateway||Email Status Portal||Support & Downloads||docs.ces.cisco.com|
|Email and Web Manager||Web & Email Reputation||Worldwide Contacts||Product Naming Quick Reference|
|Cloud Mailbox||Notification Service|
i am on ESA 600V, need this:
* receive a message with virus
* strip virus (with notification "the attachment was stripped due virus...") but SEND the entire original email to the user
How can this be achieved? I suppose cannot do this via incoming mail policy.
A few steps:
go into mail policies, possibly default
select Anti-Virus settings
scroll down to section Virus infected Messages
go to Advanced section and set your required delivery options
the only options are:
Deliver as is; no help as you can imagine
Deliver as attachment; no help since you cannot strip virus
Quarantine; no help since it goes to quarantine queue
Drop; no help since it is completely dropped
What i need is to completely remove the viral attachment but give the user the original "eml" email file.
You want to do two things to make this work
a) on top of the AV section select the box : Drop infected attachments if a virus is found - valid for all cases
b) select deliver as RFC822 to new message, as the virus was already removed in the previous step
thanks, this solution seems to work!
Would it be possible even to defang a url into body of email, in addition?
So to recap:
* Virus found
* Attachment stripped but original email sent as attachment
* Defang of malicious urls into body