Cisco Hybrid Email Security White Paper
© 2016 Cisco and/or its affiliates. All rights reserved.
Change the Message Modification Threat Level with care. Level 3 is a
balanced setting between catch rates and false positives. Setting the
Threat Level to 2 or 1 makes the scan for threat messages in email flows
more aggressive, but leads to more false positives. Messages will not be
lost, but delivery may be delayed, depending on the quarantine timer
setting and whether the quarantine is bypassed. Messages identified and
modified by Outbreak Filters have their URLs rewritten to redirect
through the public proxy for click-time scanning.

Step 3 Click to enable the X-IronPort-Outbreak-Status headers and the
X-IronPort-Outbreak-Description headers.

The headers add diagnostic information to the messages to assist email
administrators and technical support in troubleshooting.

Step 4 Click to enable URL rewriting for only unsigned messages and to
use the System-Generated threat disclaimer.

Enabling URL Rewriting for all messages is a valid option, but care must
be taken as this will break message signing.

The Threat Disclaimer is prepended to the message above the body
and is used as a warning to the recipient that the message may be a
threat. This disclaimer can be customized by creating a new one using
Text Resources. There are multiple variables that can be added to the
message that the system will populate dynamically when adding the
disclaimer to the message. These variables include information on the
type of threat and a description of the threat for the recipient.

Step 5 Click Submit. The Other: 4 hours setting will show in the policy
list.
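
Step 4's warning that rewriting URLs in all messages breaks message signing can be seen in the following added example, which is not code from the Cisco guide or product. It assumes "signed" means an S/MIME or PGP/MIME content type, uses a hypothetical proxy prefix, and stands in a SHA-256 of the body text for the digest a signature covers.

```python
import hashlib
import re
from email import message_from_string
from urllib.parse import quote

# Hypothetical click-time proxy prefix; the real rewritten form is product-specific.
PROXY = "https://proxy.example.invalid/scan?u="
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages (not taken from the guide).
UNSIGNED = (
    "From: a@example.com\nTo: b@example.com\nSubject: invoice\n"
    "Content-Type: text/plain\n\n"
    "Pay here: http://pay.example.net/inv?id=7\n"
)
SIGNED = (
    "From: a@example.com\nTo: b@example.com\nSubject: invoice\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n"
    "Pay here: http://pay.example.net/inv?id=7\n"
    "--b1\nContent-Type: application/pkcs7-signature\n\n"
    "(signature placeholder)\n--b1--\n"
)

def is_signed(msg):
    """Assumed meaning of 'signed': S/MIME or PGP/MIME content types."""
    return (msg.get_content_type() == "multipart/signed"
            or msg.get_param("smime-type") == "signed-data")

def rewrite_urls(text):
    # Wrap every URL so a click goes to the proxy, original URL percent-encoded.
    return URL_RE.sub(lambda m: PROXY + quote(m.group(0), safe=""), text)

def digest(text):
    # Stand-in for the message digest that a signature is computed over.
    return hashlib.sha256(text.encode()).hexdigest()

def process(raw, only_unsigned=True):
    """Return (body_after_policy, digest_still_matches_original)."""
    msg = message_from_string(raw)
    part = msg.get_payload(0) if msg.is_multipart() else msg
    body = part.get_payload()
    before = digest(body)
    if not (only_unsigned and is_signed(msg)):
        body = rewrite_urls(body)
    return body, digest(body) == before
```

With `only_unsigned=True` the signed sample passes through byte-for-byte and its digest still matches; with `only_unsigned=False` the same message gains click-time protection but the digest no longer matches, which a recipient's mail client would report as a failed signature.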
Cisco Email Security How-To Guide
How-To Protect Against URL-Based Attacks
Cisco Public