Cisco Cisco Email Security Appliance C190 White Paper

Changing the Message Modification Threat Level should be done with

care. Level 3 is a balanced setting between catch rates and false

positives. Setting the Threat Level to a 2 or a 1 will make it look for

threat messages in email flows in a more aggressive manner, but will

lead to more false positives. Messages will not be lost, but may be

delayed in delivery, depending on the setting of the quarantine timer

and possible bypassing of the quarantine. The messages identified and

modified by Outbreak Filters will have URLs in them that will be rewritten

for redirection to the public proxy for click time scanning.

Step 3 Click to enable the X-IronPort-Outbreak Status headers and the

X-IronPort-Outbreak-Description headers

The headers add diagnostic information to the messages to assist email

administrators and technical support in troubleshooting.

Step 4 Click to enable URL rewriting for only unsigned messages and to

use the System-Generated threat disclaimer

Enabling URL Rewriting for all messages is a valid option, but care must

be taken as this will break message signing.

The Threat Disclaimer is prepended to the message above the body

and is used as a warning to the recipient that the message may be a

threat. This disclaimer can be customized by creating a new one using

Text Resources. There are multiple variables that can be added to the

message that the system will populate dynamically when adding the

disclaimer to the message. These variables include information on the

type of threat and a description of the threat for the recipient.

Step 5 Click Submit. The Other: 4 hours setting will show in the policy

list.

Cisco Email Security How-To Guide

How-To Protect Against URL-Based Attacks

Cisco Public