Cisco Email Security Appliance C680 User Guide

Chapter 10      Virus Outbreak Filters
Cisco IronPort AsyncOS 7.3 for Email Configuration Guide
OL-23078-01
Virus Outbreak Filters Overview
The Virus Outbreak Filters engine compares incoming messages with published 
Virus Outbreak Filter rules. Messages that match rules are assigned a threat level 
and that threat level is compared to the threat level threshold you set. Messages 
that meet or exceed that threshold are quarantined.
The process of outbreak detection and filtering begins with SenderBase: 
SenderBase tracks more than 20 million IP addresses and has a view into 
approximately 25% of the world’s email traffic. IronPort uses historical 
SenderBase data to create a statistical view of normal global traffic patterns. The 
Virus Outbreak Filters engine depends on the set of rules that are used to 
determine threat levels of incoming messages.
Virus Outbreak Filters - Next Generation Preventive Solution
The Virus Outbreak Filters feature has significant enhancements in features and 
usability. At a high level the enhancements include, but are not limited to:
• Increased granularity of Outbreak Rules (including anti-virus signature rules)
• Addition of CASE (Context Adaptive Scanning Engine) scanning
• Addition of Adaptive Rules
• Dynamic Quarantine (periodic message re-evaluation, auto release based on anti-virus update, enhanced overflow options, etc.)
• Better Quarantine Management (enhanced visibility, search/sort options, alerts, etc.)
These feature enhancements are designed to increase the system's capture rate for 
outbreaks and provide enhanced visibility into an outbreak along with increased 
ease of use and management of outbreak messages.