Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Notifications...

Hi everybody!

Sorry if a topic look like this one...

Do you know if A/V Notifications customization will be implemented on C-series in next release?

A lot of customers ask us to do this...

Regards
Xavier

1 REPLY
New Member

Re: Notifications...

You can achieve this today by using a content filter.


Set the action for "Virus Infected Messages" to be "Deliver As Is", not to add anything to the subject, and not to send any notification. Under Advanced, set "Add Custom Header to Message" to something like
Header : X-IsVirus
Value : True

In order words, if we get a message with a virus, at this point do nothing other than add a header to it.

Then create a new Content Filter (call it whatever you want) with a condition of :
Other Header X-IsVirus Equals True

When you click Add this should show up as :
header("X-IsVirus") == "^True$"

In the action for the content filter, select Quarantine and then the quarantine name (I'd suggest creating a new quarantine to use specifically for these messages) or just Drop if you don't want to quarantine it, and then Add Action. Then as a second action select Notify and fill in the relevant values. The Template it will end up using will need to be a Notify Template (as opposed to an Anti-Virus template). After doing all that you should end up with something like :

quarantine ("VirusQ")
notify ("$EnvelopeRecipients", "[Virus] $SUBJECT", "", "VirusTemplate")


(Where VirusQ is the name of the quarantine, and VirusTemplate is the name of the template)

Check that the Content Filter is assigned to the default policy, and you should be right to go! You can test it's working by sending an email or using the Trace function in the web GUI with the EICAR test virus to trigger it - http://www.eicar.org/anti_virus_test_file.htm
Given that you've configured the default behavior to be that viruses get send through largely untouched it's critical you make sure that the content filter is working as expected!

As the quarantine the message ends up in is a Policy quarantine users will not be able to release it themselves (which is the same as for the virus quarantine). When released it will not be marked in any way other than the extra header - you could add another rule in the content filter to modify the subject if you wanted to.

125
Views
0
Helpful
1
Replies