Cisco Cisco Email Security Appliance C650 Guía Del Usuario
26-24
Cisco AsyncOS 8.5 for Email User Guide
Chapter 26 Using Email Security Monitor
Email Security Monitor Pages
A value of “--” indicates either a protection time does not exist, or the signature times were not available
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
Hit Messages from Incoming Messages section shows the percentage and number of viral attachment,
other threats (non-viral), and clean incoming messages.
other threats (non-viral), and clean incoming messages.
Hit Messages by Threat Level section shows the percentage and number of incoming threat messages
(viral and non-viral) based on threat levels (Level 1 through 5).
(viral and non-viral) based on threat levels (Level 1 through 5).
Messages resided in Outbreak Quarantine section shows the number of threat messages resided in the
Outbreak Quarantine based on the duration.
Outbreak Quarantine based on the duration.
Top URL's Rewritten section shows the list of top 10 URLs that were rewritten based on the number of
occurrences. Use the Items Displayed drop-down to view more rewritten URLs.
occurrences. Use the Items Displayed drop-down to view more rewritten URLs.
Using the Outbreak Filters page, you can answer questions like:
•
How many messages are being quarantined and what type of threats were they?
•
How much lead time has the Outbreak Filter feature been providing for virus outbreaks?
•
How do my local virus outbreaks compare to the global outbreaks?
Virus Types Page
The Virus Types page provides an overview of the viruses entering and being sent from your network.
The Virus Types page displays the viruses that have been detected by the virus scanning engines running
on your appliance. You might want to use this report to take a specific action against a particular virus.
For example, if you see that you are receiving a high volume of a viruses known to be embedded in PDF
files, you might want to create a filter action to quarantine messages with PDF attachments.
The Virus Types page displays the viruses that have been detected by the virus scanning engines running
on your appliance. You might want to use this report to take a specific action against a particular virus.
For example, if you see that you are receiving a high volume of a viruses known to be embedded in PDF
files, you might want to create a filter action to quarantine messages with PDF attachments.
If you run multiple virus scanning engines, the Virus Types page includes results from all enabled virus
scanning engines. The name of the virus displayed on the page is a name determined by the virus
scanning engines. If more than one scanning engine detects a virus, it is possible to have more than one
entry for the same virus.
scanning engines. The name of the virus displayed on the page is a name determined by the virus
scanning engines. If more than one scanning engine detects a virus, it is possible to have more than one
entry for the same virus.
The Virus Types page gives you an overview of the viruses entering or being sent from or to your
network. The Top Incoming Virus Detected section shows a chart view of the viruses that have been sent
to your network in descending order. The Top Outgoing Virus Detected section shows a chart view of
the viruses that have been sent from your network in descending order.
network. The Top Incoming Virus Detected section shows a chart view of the viruses that have been sent
to your network in descending order. The Top Outgoing Virus Detected section shows a chart view of
the viruses that have been sent from your network in descending order.
Note
To see which hosts sent virus-infected messages to your network, you can go to the Incoming Mail page,
specify the same reporting period and sort by virus-positive. Similarly, to see which IP addresses have
sent virus-positive email within your network, you can view the Outgoing Senders page and sort by
virus-positive messages.
specify the same reporting period and sort by virus-positive. Similarly, to see which IP addresses have
sent virus-positive email within your network, you can view the Outgoing Senders page and sort by
virus-positive messages.