Confusion about if AV is enabled or not on the ESA

sg4rb0sg4rb0
edited June 15 in CCIE Security

Imagine an incoming email received and hits the "UNKNOWNLIST" sendergroup in the HAT and the action is ACCEPT. Fine. This means it goes to the mail flow policy of ACCEPT. Now say if I turn of AV here as part of the ACCEPT policy for all emails. That's fine too. Now, here is where I get confused. The ACCEPT action in the HAT indicates that for this incoming email, it will go to the incoming mail policy. Let's say I configure it so that all email is set to use the AV. What happens? In the mail flow policy, it says that the AV will not be used. In the incoming mail policy, it's saying AV will be used. Is the AV used or not, and why?

Sign In or Register to comment.