Cisco Email Security Appliance C160 Operating Instructions
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
Enabling Adaptive Rules
Adaptive Scanning enables the use of Adaptive Rules in Outbreak Filters. A set of factors or traits (file
size, etc.) is used to determine the likelihood of a message being part of an outbreak when no virus
signature or spam criteria relating to the message’s content are available. To enable Adaptive Scanning,
check the box next to Enable Adaptive Rules on the Outbreak Filters Global Settings page, and click
Submit.
Enabling Alerts for Outbreak Filters
Check the box labeled “Emailed Alerts” to enable alerting for the Outbreak Filters feature. Enabling
emailed alerts for Outbreak Filters merely enables the alerting engine to send alerts regarding Outbreak
Filters. Which alerts are sent, and to which email addresses, is configured via the Alerts page
in the System Administration tab. For more information on configuring alerts for Outbreak Filters, see
Outbreak Filters Rules
Outbreak Rules are published by the Cisco IronPort Security Intelligence Operations, and your Cisco
IronPort appliance checks for and downloads new outbreak rules every 5 minutes. You can change this
update interval. See
for more information.
Managing Outbreak Filter Rules
Because the Outbreak Filters Rules are automatically downloaded for you, no management is normally
needed on the part of the user.
However, if for some reason your Cisco IronPort appliance cannot reach Cisco IronPort’s update
servers for new rules over a period of time, your locally cached scores may no longer be
valid, for example when a known viral attachment type is now covered by an update in the anti-virus
software and/or is no longer a threat. In that case, you may no longer wish to quarantine messages
with these characteristics.
You can manually update the current outbreak rules by clicking Update Rules Now. This is identical to
issuing the outbreakupdate command via the CLI (see the Cisco IronPort AsyncOS CLI Reference Guide).
Updating Outbreak Filter Rules
By default, your Cisco IronPort appliance will attempt to download new Outbreak Filters rules every 5
minutes. You can change this interval via the Security Services > Service Updates page. For more
information, see
.
The Outbreak Filters Feature and Mail Policies
The Outbreak Filters feature has settings that can be configured per mail policy. The feature can
be enabled or disabled for each mail policy on the appliance. Specific file extensions and domains can
be exempted from processing by the Outbreak Filters feature, per mail policy. This functionality is also
available via the policyconfig CLI command (see the Cisco IronPort AsyncOS CLI Reference Guide).