Cisco Email Security Appliance C160 User Guide
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters
To enable and customize the Outbreak Filters feature for a particular mail policy, select Enable
Outbreak Filtering (Customize Settings).
You can configure the following Outbreak Filter settings for a mail policy:
• Quarantine threat level
• Maximum quarantine retention time
• Deliver non-viral threat messages immediately without adding them to quarantine
• File extension types for bypassing
• Message modification threshold
• Alter subject header using custom text and Outbreak Filter variables such as $threat_verdict, $threat_category, $threat_type, $threat_description, and $threat_level.
• Include the following email headers:
  – X-IronPort-Outbreak-Status
  – X-IronPort-Outbreak-Description
• Send the message to an alternate destination such as an Email Security Appliance or an Exchange server.
• URL rewriting
• Threat disclaimer
Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use the Outbreak Filters
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.
Once you have made your changes, commit your changes.
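An added example, not part of the Cisco guide: when a policy includes the X-IronPort-Outbreak-Status and X-IronPort-Outbreak-Description headers, downstream tooling can sort delivered mail by whether those headers are present. The function names, bucket names and sample messages are assumptions made for this example, and header values are treated as opaque text because this page does not document their format.

```python
from email import message_from_string, policy

STATUS = "X-IronPort-Outbreak-Status"
DESCRIPTION = "X-IronPort-Outbreak-Description"


def outbreak_headers(raw_message):
    """Extract the Outbreak Filter headers from one raw RFC 5322 message.

    Header values are treated as opaque text: folding is undone and runs of
    whitespace are collapsed, but the content is not interpreted.
    """
    msg = message_from_string(raw_message, policy=policy.default)

    def values(name):
        return [" ".join(str(v).split()) for v in (msg.get_all(name) or [])]

    return {"subject": str(msg.get("Subject", "")),
            "status": values(STATUS),
            "description": values(DESCRIPTION)}


def triage(raw_messages):
    """Sort messages into tagged / untagged / ambiguous buckets by index."""
    buckets = {"tagged": [], "untagged": [], "ambiguous": []}
    for index, raw in enumerate(raw_messages):
        found = outbreak_headers(raw)
        copies = max(len(found["status"]), len(found["description"]))
        if copies == 0:
            buckets["untagged"].append(index)
        elif copies > 1:
            # More than one copy: the message alone does not show which one
            # the appliance wrote, so leave it for manual review.
            buckets["ambiguous"].append(index)
        else:
            buckets["tagged"].append(index)
    return buckets


# Constructed sample messages; header values are placeholders, not real output.
SAMPLES = [
    "From: a@example.com\nSubject: invoice\n"
    "X-IronPort-Outbreak-Status: PLACEHOLDER-STATUS\n"
    "X-IronPort-Outbreak-Description: placeholder description that is\n"
    "  folded onto a second line\n\nbody\n",
    "From: b@example.com\nSubject: lunch\n\nbody\n",
    "From: c@example.com\nSubject: reset\n"
    "X-IronPort-Outbreak-Status: PLACEHOLDER-ONE\n"
    "X-IronPort-Outbreak-Status: PLACEHOLDER-TWO\n\nbody\n",
]
```

Messages in the "untagged" bucket either were not tagged by Outbreak Filters or passed through a policy that does not include the headers; the headers alone cannot distinguish the two cases.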
Setting a Quarantine Level Threshold
Select a Quarantine Threat Level threshold for outbreak threats from the list. A smaller number means
that you will be quarantining more messages, while a larger number results in fewer messages
quarantined. Cisco recommends the default value of 3.
For more information, see
.
Maximum Quarantine Retention
Specify the maximum amount of time in either hours or days that messages stay in the Outbreak
Quarantine. You can specify different retention times for messages that may contain viral attachments
and messages that may contain other threats, like phishing or malware links. For non-viral threats, check
the Deliver messages without adding them to quarantine check box to deliver the messages
immediately without adding them to quarantine.