Cisco Email Security Appliance X1050 Information Manual

ESA FAQ: Outbreak Filters/Virus Outbreak Filters (VOF) FAQ
Document ID: 118188
Contributed by Chris Haag and Robert Sherwin, Cisco TAC Engineers.
Aug 07, 2014
Contents
Introduction
What are Outbreak Filters, or Virus Outbreak Filters (VOF)?
Can I use Outbreak Filters even if I am not running Sophos or McAfee Anti-Virus on my ESA?
When do Outbreak Filters quarantine messages?
What happens when the Outbreak quarantine fills up?
What is the meaning of the threat level for an Outbreak Rule?
How can I be alerted when a virus outbreak occurs?
Related Information
Introduction
This document describes and answers some of the more frequently asked questions regarding Outbreak
Filters, or Virus Outbreak Filters, on the Email Security Appliance (ESA).
What are Outbreak Filters, or Virus Outbreak Filters (VOF)?
Outbreak Filters protect your network from large-scale virus outbreaks and smaller, non-viral attacks, such
as phishing scams and malware distribution, as they occur. Unlike most anti-malware security software,
which cannot detect new outbreaks until data is collected and a software update is published, Cisco gathers
data on outbreaks as they spread and sends updated information to your ESA in real-time to prevent these
messages from reaching your users.
Cisco uses global traffic patterns to develop rules that determine if an incoming message is safe or part of an
outbreak. Messages that may be part of an outbreak are quarantined until they are determined to be safe based
on updated outbreak information from Cisco, or until new anti-virus definitions are published by Sophos and
McAfee.
Messages used in small-scale, non-viral attacks use a legitimate-looking design, the recipient's information,
and custom URLs that point to phishing and malware websites that have been online only for a short period of
time and are unknown to web security services. Outbreak Filters analyze a message's content and search for
URL links to detect this type of non-viral attack. Outbreak Filters can rewrite URLs so that traffic to
potentially harmful websites is redirected through a web security proxy, which either warns users that the
website they are attempting to access may be malicious or blocks the website completely.
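The URL rewriting described above, as an added Python example that is not Cisco's code: it finds links in the text parts of a message and routes those on unknown or recently seen hosts through a proxy. The proxy address, the 30-day age threshold and the domain-age table are assumptions made up for the illustration, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from urllib.parse import quote, urlsplit

# Assumptions for illustration only (not Cisco's implementation or values):
PROXY = "https://web-proxy.example.invalid/check?url="  # hypothetical proxy
MIN_AGE_DAYS = 30                                       # hypothetical threshold
DOMAIN_AGE_DAYS = {"intranet.example.com": 4000, "login-example.test": 2}  # constructed
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def is_suspect(url):
    """Hosts that are unknown or only recently seen count as suspect."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:          # malformed authority: fail closed
        return True
    return DOMAIN_AGE_DAYS.get(host, 0) < MIN_AGE_DAYS  # unknown host => age 0

def rewrite_urls(text):
    """Return (new_text, rewritten); suspect links are routed via PROXY."""
    rewritten = []
    def repl(match):
        url = match.group(0)
        if url.startswith(PROXY) or not is_suspect(url):
            return url          # already rewritten, or known and old enough
        rewritten.append(url)
        return PROXY + quote(url, safe="")
    return URL_RE.sub(repl, text), rewritten

def process_message(raw):
    """Rewrite suspect URLs in every text/* part of an RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body, urls = rewrite_urls(part.get_content())
            if urls:            # leave untouched parts byte-for-byte as received
                part.set_content(body, subtype=part.get_content_subtype())
                found += urls
    return msg, found

# Constructed sample message (not real traffic).
SAMPLE = """\
From: billing@example.com
Subject: Invoice

Portal: https://intranet.example.com/pay
Update your details: http://login-example.test/a?id=7
"""
```

Running rewrite_urls a second time over the rewritten body changes nothing, because links that already start with the proxy prefix are skipped.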
Can I use Outbreak Filters even if I am not running Sophos or McAfee Anti-Virus on my ESA?
Cisco recommends that you enable Sophos or McAfee Anti-Virus in addition to Virus Outbreak Filters to
increase your defense against viruses. However, VOF can operate independently without requiring Sophos or