×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Incoming policy to match encrypted email

Answered Question
Feb 3rd, 2014
User Badges:

hi,


The action in the default policy is to quarantine Encrypted Messages.


There is a requirement to deliver encrypted messagesfrom a specific Sender ([email protected]) to a Recipient ([email protected])


Created an incoming policy which matches this sender, and Antivirus policy is set to deliver encrypted messages.


how can we restrict this policy to be applicable only for messages from [email protected] to [email protected]


And have any encrypted message from [email protected] to any other recipients to be quarantined


regards

Correct Answer by David Miller about 3 years 6 months ago

You could set up a policy that applies to sender [email protected] where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not [email protected] then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
David Miller Mon, 02/03/2014 - 05:12
User Badges:

You could set up a policy that applies to sender [email protected] where the AV policy for encrypted message is to deliver, and set the X-IronPort-AV header in the AV policy.  Then and create a content filter that applies to that policy that looks for the AV header and if the recipient is not [email protected] then quarantine the message.  I can't remember the value of the X-IronPort-AV header if the message is encrypted but it should be in the logs of in the header of the received message.  Or you could add a subject prefix in the AV settings that is applied when the message is encrypted (default is [WARNING: MESSAGE ENCRYPTED] and look for that subject prefix in the content filter.  Or you could add a custom header in the advanced section of the AV settings and look for that (and remove it if you want to clean things up).

Actions

This Discussion