Cisco Cisco Email Security Appliance C160 Betriebsanweisung
14-13
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters (GUI)
Managing Outbreak Filter Rules
Because the Outbreak Filters Rules are automatically downloaded for you, there really is no management
needed on the part of the user.
needed on the part of the user.
However, if for some reason your Cisco appliance is not able to reach Cisco’s update servers for new
rules over a period of time, it is possible that your locally-cached scores are no longer valid, i.e., if a
known viral attachment type now has an update in the anti-virus software and/or is no longer a threat.
At this time, you may wish to no longer quarantine messages with these characteristics.
rules over a period of time, it is possible that your locally-cached scores are no longer valid, i.e., if a
known viral attachment type now has an update in the anti-virus software and/or is no longer a threat.
At this time, you may wish to no longer quarantine messages with these characteristics.
You can manually download updated outbreak rules from Cisco’s update servers by clicking Update
Rules Now.
Rules Now.
Note
The Update Rules Now button does not “flush” all existing outbreak rules on the appliance. It only
replaces outbreak rules that have been updated. If there are no updates available on Cisco’s update
servers, then the appliance will not download any outbreak rules when you click this button.
replaces outbreak rules that have been updated. If there are no updates available on Cisco’s update
servers, then the appliance will not download any outbreak rules when you click this button.
Updating Outbreak Filter Rules
By default, your Cisco appliance will attempt to download new Outbreak Filters rules every 5 minutes.
You can change this interval via the Security Services > Service Updates page. For more information,
see
You can change this interval via the Security Services > Service Updates page. For more information,
see
.
The Outbreak Filters Feature and Mail Policies
The Outbreak Filters feature has settings that can be set per mail policy. The Outbreak Filters feature can
be enabled or disabled for each mail policy on the appliance. Specific file extensions and domains can
be exempted from processing by the Outbreak Filters feature, per mail policy. This functionality is also
available via the
be enabled or disabled for each mail policy on the appliance. Specific file extensions and domains can
be exempted from processing by the Outbreak Filters feature, per mail policy. This functionality is also
available via the
policyconfig
CLI command (see the Cisco AsyncOS CLI Reference Guide).
Note
Cisco Anti-Spam or Intelligent Multi-Scan scanning needs to be enabled globally on an appliance in
order for the Outbreak Filters feature to scan for non-viral threats.
order for the Outbreak Filters feature to scan for non-viral threats.
Figure 14-4
Mail Policy Listing
To modify the Outbreak Filters feature settings for a specific mail policy, click the link in the Outbreak
Filters column of the policy to change.
Filters column of the policy to change.