郵件或內容過濾器掃描錯誤匹配條件並採取措施
簡介
本文檔介紹當思科郵件安全裝置(ESA)和雲郵件安全(CES)裝置上發生「郵件掃描錯誤」時,郵件與郵件或內容過濾器條件匹配的原因。
問題
郵件被傳送到ESA/CES以進行過濾,mail_logs或郵件跟蹤顯示「郵件掃描錯誤」的結果,然後與執行掃描的郵件/內容過濾器進行正匹配。
在mail_logs/message跟蹤中找到的錯誤示例:
Tue Sep 9 13:37:35 2014 Warning: MID 15180223, message scanning error: Size Limit Exceeded
Tue Sep 9 14:27:31 2015 Warning: MID 15180325, message scanning error: Scan Depth Exceeded
解決方案
當電子郵件附件超過配置的閾值時,會記錄郵件掃描錯誤。如果ESA/CES假定已啟用附件匹配,它將觸發過濾器匹配和配置的操作。
在CLI上,可以使用scanconfig指令啟用或停用該功能:
myesa.loca> scanconfig
There are currently 5 attachment type mappings configured to be SKIPPED.
Choose the operation you want to perform:
- NEW - Add a new entry.
- DELETE - Remove an entry.
- SETUP - Configure scanning behavior.
- IMPORT - Load mappings from a file.
- EXPORT - Save mappings to a file.
- PRINT - Display the list.
- CLEAR - Remove all entries.
- SMIME - Configure S/MIME unpacking.
[]> setup
1. Scan only attachments with MIME types or fingerprints in the list.
2. Skip attachments with MIME types or fingerprints in the list.
Choose one:
[2]>
Enter the maximum depth of attachment recursion to scan:
[5]>
Enter the maximum size of attachment to scan:
[2621440]>
Do you want to scan attachment metadata? [Y]>
Enter the attachment scanning timeout (in seconds):
[1]>
If a message has attachments that were not scanned for any reason (e.g. because
of size, depth limits, or scanning timeout), assume the attachment matches the
search pattern? [Y]>
通過輸入commit命令確保已提交所有更改。
在GUI上:
- 依次導航到安全服務和掃描行為
- 按一下Edit the Global Settings
- 禁用/啟用假設因任何原因未掃描的附件匹配模式。
有關 scanconfig 命令,請參閱《 AsyncOS高級使用手冊》。 思科支援入口網站.
意見