PDF(87.2 KB) View with Adobe Reader on a variety of devices
ePub(152.6 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(131.0 KB) View on Kindle device or Kindle app on multiple devices
Updated:June 14, 2019
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes why messages are matching Message or Content filter conditions when a "message scanning error" occurs on the Cisco Email Security Appliance (ESA) and Cloud Email Security (CES) appliance.
Messages are sent into the ESA/CES for filtering, the mail_logs or message tracking shows the results of "message scanning error" followed by a positive match against the message/content filter that was conducting the scan.
Sample errors found on the mail_logs/message tracking:
When an email attachment exceeds a threshold configured, a message scanning error is logged. Should the ESA/CES have assume the attachment matches enabled, it will trigger the filter match and action as configured.
Note: Attachment scanning on the ESA/CES has different thresholds which are defined within the scanconfig configuration on the CLI or scan behaviour settings on the GUI.
On the CLI, the feature can be enabled or disabled in the scanconfig command:
There are currently 5 attachment type mappings configured to be SKIPPED.
Choose the operation you want to perform: - NEW - Add a new entry. - DELETE - Remove an entry. - SETUP - Configure scanning behavior. - IMPORT - Load mappings from a file. - EXPORT - Save mappings to a file. - PRINT - Display the list. - CLEAR - Remove all entries. - SMIME - Configure S/MIME unpacking. > setup
1. Scan only attachments with MIME types or fingerprints in the list. 2. Skip attachments with MIME types or fingerprints in the list. Choose one: >
Enter the maximum depth of attachment recursion to scan: >
Enter the maximum size of attachment to scan: >
Do you want to scan attachment metadata? [Y]>
Enter the attachment scanning timeout (in seconds): >
If a message has attachments that were not scanned for any reason (e.g. because of size, depth limits, or scanning timeout), assume the attachment matches the search pattern? [Y]>
Ensure all changes are commited by entering the commit command..
Navigate to Security Services then Scan Behaviour
Click Edit the Global Settings
Disable/Enable Assume attachment matches pattern if not scanned for any reason.
For more information about the scanconfig command, see the AsyncOS Advanced User Guide on the Cisco Support Portal.