Cisco Email Security Appliance

How do I control body and attachment scanning in filters?

Document ID: 118119

Updated: Jul 31, 2014

Contributed by Scott Roeder and Stephan Bayer, Cisco TAC Engineers.



How do I control body and attachment scanning in filters?


The scanconfig command controls the behavior of body and attachment scanning,  including specifying the encodings to use when scanning attachments and which attachment  types should be skipped when scanning.

The scanconfig command sets these parameters:

  • MIME types of video/*, audio/*, image/* or anything that appears to be a PDF file are  skipped (not scanned for content). 
  • Nested (recursive) archive attachments up to 50 levels are scanned. (The default is 5  levels.).
  • The maximum size for attachments to be scanned is 25 MB; anything larger will be  skipped. (The default is 5 MB and Value must be an integer from 0 to 26214400)
  • Attachments that were not scanned are assumed to not match the search pattern. (This is  the default behavior.)

Note - When setting the assume the attachment matches the search pattern to Y,  messages that cannot be scanned will cause the message filter rule to evaluate to true. This could result in unexpected behavior, such as the quarantining of messages that do not match  a dictionary, but were quarantined because their content could not be correctly scanned.

For more information about filters and the scanconfig command, see the AsyncOS Advanced User Guide :

Cisco Email Security Appliance End-User Guides

Updated: Jul 31, 2014
Document ID: 118119