AMP does it scan email attachments

jordeliason
Just browsing

AMP does it scan email attachments

Hello,

We are wondering if AMP (Advanced Malware Protection) scans email attachments? Let's consider two scenarios. One scenario is the email flowing unencrypted. The other is an encrypted email server connection.

Your input is appreciated.

Thank you, Jordan

PhilipDAth
Kind of a big deal

Re: AMP does it scan email attachments

My understanding is that it does - provided that the communications are not encrypted.

Dashboard_DJ
Meraki Employee

Re: AMP does it scan email attachments

@jordeliason, Here's a quick explanation from the AMP KB.

The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud. If the MX receives a disposition of malicious for the file download, it will be blocked. If the MX receives a disposition of clean or unknown, the file download will be allowed to complete.

The supported file types for inspection are:

MS OLE2 (.doc, .xls, .ppt)
MS Cabinet (Microsoft compression type)
MS EXE
ELF (Linux executable)
Mach-O/Unibin (OSX executable)
Java (class/bytecode, jar, serialization)
PDF
ZIP (regular and spanned)*
EICAR (standardized test file)
SWF (shockwave flash 6, 13, and uncompressed)

* This includes the inspection of XML-based Microsoft Office file types (.docx, .xlsx, etc.).

lpopejoy
Building a reputation

Re: AMP does it scan email attachments

@Dashboard_DJ this means that SMTP traffic would NOT be inspected, correct? In other words, AMP file scanning is limited to traffic on port 80?

Dashboard_DJ
Meraki Employee

Re: AMP does it scan email attachments

Correct on both.
BHC_RESORTS
A model citizen

Re: AMP does it scan email attachments


@PhilipDAth wrote:

My understanding is that it does - provided that the communications are not encrypted.


Only if it were on port 80 (so webmail). 

BHC Resorts IT Department
BHC_RESORTS
A model citizen

Re: AMP does it scan email attachments


@Dashboard_DJ wrote:

@jordeliason, Here's a quick explanation from the AMP KB.

The supported file types for inspection are:

ZIP (regular and spanned)*

I thought ZIP scanning was currently disabled? Seem to recall something about that in firmware notes.

BHC Resorts IT Department
CJ_Ramsey
Meraki Employee

Re: AMP does it scan email attachments

If you wanted to scan email attachments specifically for file disposition, your best bet would be to look at using a Cisco Email Security Appliance or Cloud Email Security, both of which will allow you to layer on AMP.

Enrico_Romero
Here to help

Re: AMP does it scan email attachments

CJ_Ramsey is right, since the AMP is only scanning the NETWORK and it is not scanning the incoming and outgoing EMAIL traffic. Best to use the Email Security Solution of Cisco.