Cisco Cisco Email Security Appliance C170 Betriebsanweisung
8-265
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 8 Anti-Spam
Note
If your IronPort appliance is set to receive mail from a local MX/MTA, you must
identify upstream hosts that may mask the sender’s IP address. See
identify upstream hosts that may mask the sender’s IP address. See
for more information.
Lowest False Positive Rate
IronPort Anti-Spam and IronPort Virus Outbreak Filters are powered by
IronPort’s patent-pending Context Adaptive Scanning Engine (CASE) ™. CASE
provides breakthrough accuracy and performance by analyzing over 100,000
message attributes across four dimensions:
IronPort’s patent-pending Context Adaptive Scanning Engine (CASE) ™. CASE
provides breakthrough accuracy and performance by analyzing over 100,000
message attributes across four dimensions:
Step 1
Email reputation — who is sending you this message?
Step 2
Message content — what content is included in this message?
Step 3
Message structure — how was this message constructed?
Step 4
Web reputation — where does the call to action take you?
Analyzing multi-dimensional relationships allows CASE to catch a broad range
of threats while maintaining exceptional accuracy. For example, a message that
has content claiming to be from a legitimate financial institution but that is sent
from an IP address on a consumer broadband network or that contains a URL
hosted on a “zombie” PC will be viewed as suspicious. In contrast, a message
coming from a pharmaceutical company with a positive reputation will not be
tagged as spam even if the message contains words closely correlated with spam.
of threats while maintaining exceptional accuracy. For example, a message that
has content claiming to be from a legitimate financial institution but that is sent
from an IP address on a consumer broadband network or that contains a URL
hosted on a “zombie” PC will be viewed as suspicious. In contrast, a message
coming from a pharmaceutical company with a positive reputation will not be
tagged as spam even if the message contains words closely correlated with spam.
Industry-Leading Performance
CASE combines the following features to deliver accurate verdicts quickly:
•
Multiple threats are scanned for in a single pass
•
Dynamic “early exit” system
System performance is optimized using IronPort's unique “early exit” system.
IronPort developed a proprietary algorithm to determine the order in which
rules are applied based on rule accuracy and computational expense. Lighter
and more accurate rules are run first, and if a verdict is reached, additional
rules are not required. This improves system throughput, allowing our
IronPort developed a proprietary algorithm to determine the order in which
rules are applied based on rule accuracy and computational expense. Lighter
and more accurate rules are run first, and if a verdict is reached, additional
rules are not required. This improves system throughput, allowing our