简介
本文档介绍当思科邮件安全设备(ESA)和云邮件安全(CES)设备上发生“邮件扫描错误”时,邮件与邮件或内容过滤器条件匹配的原因。
问题
邮件被发送到ESA/CES进行过滤,mail_logs或邮件跟踪显示“邮件扫描错误”的结果,然后与执行扫描的邮件/内容过滤器进行正匹配。
在mail_logs/message跟踪中找到的错误示例:
Tue Sep 9 13:37:35 2014 Warning: MID 15180223, message scanning error: Size Limit Exceeded
Tue Sep 9 14:27:31 2015 Warning: MID 15180325, message scanning error: Scan Depth Exceeded
解决方案
当邮件附件超过配置的阈值时,会记录邮件扫描错误。如果ESA/CES假定已启用附件匹配,它将触发过滤器匹配和配置的操作。
注意:ESA/CES上的附件扫描具有不同的阈值,这些阈值在CLI上的scanconfig配置或GUI上的扫描行为设置中定义。
在CLI上,可以在scanconfig命令中启用或禁用该功能:
myesa.loca> scanconfig
There are currently 5 attachment type mappings configured to be SKIPPED.
Choose the operation you want to perform:
- NEW - Add a new entry.
- DELETE - Remove an entry.
- SETUP - Configure scanning behavior.
- IMPORT - Load mappings from a file.
- EXPORT - Save mappings to a file.
- PRINT - Display the list.
- CLEAR - Remove all entries.
- SMIME - Configure S/MIME unpacking.
[]> setup
1. Scan only attachments with MIME types or fingerprints in the list.
2. Skip attachments with MIME types or fingerprints in the list.
Choose one:
[2]>
Enter the maximum depth of attachment recursion to scan:
[5]>
Enter the maximum size of attachment to scan:
[2621440]>
Do you want to scan attachment metadata? [Y]>
Enter the attachment scanning timeout (in seconds):
[1]>
If a message has attachments that were not scanned for any reason (e.g. because
of size, depth limits, or scanning timeout), assume the attachment matches the
search pattern? [Y]>
通过输入commit命令确保已提交所有更改。
在GUI上:
- 依次导航到安全服务和扫描行为
- 单击Edit the Global Settings
- 禁用/启用如果由于任何原因未进行扫描,则假定附件匹配模式。
有关 scanconfig 命令,请参阅《 AsyncOS高级用户指南》 思科支持门户.
相关信息