Cisco Email Security Appliance X1070 User Guide
Chapter 10 Virus Outbreak Filters
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Once that calculation has been completed, the Virus Outbreak Filters feature
checks whether the VTL of that message meets or exceeds your threshold value. If
it does, the message is quarantined; otherwise, it is passed along for
further processing in the pipeline.
Message Scoring, the Context Adaptive Scanning Engine, and Virus Outbreak Filters
Virus Outbreak Filters are powered by IronPort’s unique Context Adaptive
Scanning Engine (CASE). CASE leverages over 100,000 adaptive message
attributes tuned automatically and on a regular basis, based on real-time analysis
of messaging threats. For Virus Outbreak Filters, CASE analyzes the message
content, context and structure to accurately determine likely Adaptive Rule
triggers.
CASE combines Adaptive Rules and real-time Outbreak Rules published by the
TOC (Threat Operations Center) to score every message and assign a unique Virus
Threat Level (VTL). This VTL is compared to the preset quarantining threshold
on the appliance, and if it equals or exceeds this threshold level, messages are
automatically quarantined.
Additionally, CASE re-evaluates messages already in the quarantine against the
latest published rules to determine the latest threat level of each message. This
ensures that only messages that have a threat level consistent with an outbreak
message stay within the quarantine, and that messages that are no longer a threat
flow out of the quarantine after an automatic re-evaluation.
For more information about CASE, see
.
In the case of multiple scores — one score from an Adaptive Rule (or the highest
score if multiple Adaptive Rules apply), and another score from an Outbreak Rule
(or the highest score if multiple Outbreak Rules apply) — intelligent algorithms
are used to determine the score.
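The scoring, threshold check and quarantine re-evaluation described above, as a toy model added here for illustration; it is not Cisco's CASE implementation. The rule attributes, levels and messages are constructed, and combining the two class scores by taking the higher one is an assumption, since the guide does not specify the algorithm.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    kind: str        # "adaptive" or "outbreak"
    attribute: str   # constructed attribute string the rule matches on
    level: int       # threat level the rule assigns when it matches

def vtl(attrs, rules):
    """Highest matching score per rule class, then one combined VTL."""
    best = {"adaptive": 0, "outbreak": 0}
    for rule in rules:
        if rule.attribute in attrs:
            best[rule.kind] = max(best[rule.kind], rule.level)
    # ASSUMPTION: the guide does not say how the two scores are combined.
    return max(best["adaptive"], best["outbreak"])

def disposition(attrs, rules, threshold):
    """Quarantine when the VTL meets or exceeds the threshold."""
    return "quarantine" if vtl(attrs, rules) >= threshold else "deliver"

def reevaluate(quarantine, rules, threshold):
    """Re-score held messages against the latest rules: (held, released)."""
    held, released = {}, {}
    for msg_id, attrs in quarantine.items():
        target = held if vtl(attrs, rules) >= threshold else released
        target[msg_id] = attrs
    return held, released

# Constructed sample data: threshold, two rule publications, three messages.
THRESHOLD = 3
RULES_AT_OUTBREAK = [Rule("outbreak", "ext:zip", 4),
                     Rule("adaptive", "zip-contains-exe", 3),
                     Rule("adaptive", "subject:invoice", 2)]
RULES_AFTER_UPDATE = [Rule("outbreak", "ext:zip", 1),   # outbreak rule downgraded
                      Rule("adaptive", "zip-contains-exe", 3),
                      Rule("adaptive", "subject:invoice", 2)]
MESSAGES = {"m1": {"ext:zip", "subject:invoice"},
            "m2": {"ext:zip", "zip-contains-exe"},
            "m3": {"subject:invoice"}}

def run():
    quarantine = {m: a for m, a in MESSAGES.items()
                  if disposition(a, RULES_AT_OUTBREAK, THRESHOLD) == "quarantine"}
    held, released = reevaluate(quarantine, RULES_AFTER_UPDATE, THRESHOLD)
    return sorted(quarantine), sorted(held), sorted(released)

if __name__ == "__main__":
    print(run())
```

After the rule update, m2 stays quarantined because its VTL exactly equals the threshold, while m1 drops below it and is released.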