10-15-2019 02:32 AM
Hi all,
i am on ESA 600V, need this:
* receive a message with virus
* strip virus (with notification "the attachment was stripped due virus...") but SEND the entire original email to the user
How can this be achieved? I suppose cannot do this via incoming mail policy.
Thanks
10-15-2019 05:51 AM
A few steps:
go into mail policies, possibly default
select Anti-Virus settings
scroll down to section Virus infected Messages
go to Advanced section and set your required delivery options
10-15-2019 06:01 AM
Hi,
the only options are:
Deliver as is; no help as you can imagine
Deliver as attachment; no help since you cannot strip virus
Quarantine; no help since it goes to quarantine queue
Drop; no help since it is completely dropped
What i need is to completely remove the viral attachment but give the user the original "eml" email file.
Thanks
10-15-2019 07:41 AM
You want to do two things to make this work
a) on top of the AV section select the box : Drop infected attachments if a virus is found - valid for all cases
b) select deliver as RFC822 to new message, as the virus was already removed in the previous step
10-15-2019 02:25 PM
10-16-2019 07:24 AM
Hi all,
thanks, this solution seems to work!
Would it be possible even to defang a url into body of email, in addition?
So to recap:
* Virus found
* Attachment stripped but original email sent as attachment
* Defang of malicious urls into body
Thanks!!!
10-16-2019 08:06 AM
10-16-2019 02:12 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide