Hi,
On our Firepower system we block all incoming malware after file lookup.
We have an issue with incoming SMTP traffic: because the incoming malware has been blocked (and the connection is reset), the sending SMTP server will retry sending us the same mail with the same malware.
This creates a lot of hits in our events, depending on the settings of the sending SMTP server (usually 4 times an hour).
Of course, after a while the sending SMTP server will give up, but by then our Firepower has already got a lot of events, which makes it hard for us to filter.
Is there a way to block the malware, and tell the sending SMTP server to discard the mail?