Cisco Cisco Email Security Appliance C170 User Guide
35-4
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 35 SenderBase Network Participation
Frequently Asked Questions
(a) Filenames will be encoded in a 1-way hash (MD5).
(b) Filenames will be sent in an obfuscated form, with all lowercase ASCII letters ([a-z]) replaced with “a,” all uppercase ASCII
letters ([A-Z]) replaced with “A,” any multi-byte UTF-8 characters replaced with “x” (to provide privacy for other character
sets), all ASCII digits ([0-9]) replaced with “0,” and all other single byte characters (whitespace, punctuation, etc.)
maintained. For example, the file Britney1.txt.pif would appear as Aaaaaaa0.aaa.pif.
sets), all ASCII digits ([0-9]) replaced with “0,” and all other single byte characters (whitespace, punctuation, etc.)
maintained. For example, the file Britney1.txt.pif would appear as Aaaaaaa0.aaa.pif.
(c) URL hostnames point to a web server providing content, much as an IP address does. No confidential information, such as
usernames and passwords, are included.
(d) URL information following the hostname is obfuscated to ensure that any personal information of the user is not revealed.
From AsyncOS 8.5 for Email and later, if IronPort Anti-Spam or Intelligent Multi-Scan feature keys are
active and SenderBase Network Participation is enabled, AsyncOS performs the following actions to
improve the efficacy of the product:
active and SenderBase Network Participation is enabled, AsyncOS performs the following actions to
improve the efficacy of the product:
•
Collects information about repetition of certain headers in messages, encrypts the collected
information, and adds the encrypted information to the respective messages as headers.
information, and adds the encrypted information to the respective messages as headers.
You can submit these processed messages to Cisco for analysis. Each message is reviewed by a team
of human analysts and used to enhance the efficacy of the product. For instructions to submit
messages to Cisco for analysis, see
of human analysts and used to enhance the efficacy of the product. For instructions to submit
messages to Cisco for analysis, see
•
Sends a random sample of messages to CASE for Antispam scanning, irrespective of their sender's
SBRS. CASE scans these messages and uses the results to improve the efficacy of the product.
AsyncOS performs this action only when it is idle. As a result, this feedback mechanism does not
have any significant impact on the processing of messages.
SBRS. CASE scans these messages and uses the results to improve the efficacy of the product.
AsyncOS performs this action only when it is idle. As a result, this feedback mechanism does not
have any significant impact on the processing of messages.
What does Cisco do to make sure that the data I share is secure?
If you agree to participate in the SenderBase Network:
Correlation of extension and true file type with
attachment size
attachment size
30 attachments were “.exe” within the 50-55K range
Number of attached files uploaded to the file
reputation service (AMP cloud)
reputation service (AMP cloud)
1110 files were uploaded to the file reputation
service
service
Verdicts on files uploaded to the file reputation
service (AMP cloud)
service (AMP cloud)
10 files were found to be malicious
100 files were found to be clean
1000 files were unknown to the reputation service
Reputation score of files uploaded to the file
reputation service (AMP cloud)
reputation service (AMP cloud)
50 files had a reputation score of 37
50 files had a reputation score of 57
1 file had a reputation score of 61
9 files had a reputation score of 99
Names of files uploaded to the file reputation service
(AMP cloud)
(AMP cloud)
example.pdf
testfile.doc
Names of malware threats detected by the file
reputation service (AMP cloud)
reputation service (AMP cloud)
Trojan-Test
Table 35-2
Statistics Shared Per IP Address
Item
Sample Data (continued)