Cisco Cisco Email Security Appliance X1070 Guía Del Usuario
14-12
Cisco AsyncOS 8.5 for Email User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters (GUI)
•
Enable Outbreak Filters globally.
•
Enable Adaptive Rules scanning.
•
Set a maximum size for files to scan (note that you are entering the size in bytes)
•
Elect whether to enable alerts for the Outbreak Filter.
Note that alerts and Adaptive Rules are not enabled by default. This functionality is also available via
the
the
outbreakconfig
CLI command (see the Cisco AsyncOS CLI Reference Guide). After you make your
changes, submit and commit them.
Enabling the Outbreak Filters Feature
To enable the Outbreak Filters feature globally, check the box next to Enable Outbreak Filters on the
Outbreak Filters Global Settings page, and click Submit. You must have agreed to the Outbreak Filters
license agreement first.
Outbreak Filters Global Settings page, and click Submit. You must have agreed to the Outbreak Filters
license agreement first.
Once enabled globally, the Outbreak Filters feature can then be enabled or disabled individually for each
incoming and outgoing mail policy, including the default policies. For more information, see
incoming and outgoing mail policy, including the default policies. For more information, see
The Outbreak Filters feature uses the Context Adaptive Scanning Engine (CASE) to detect viral threats,
regardless of whether anti-spam scanning is enabled, but you do need to have Anti-Spam or Intelligent
Multi-Scan enabled globally on the aplliance in order to scan for non-viral threats.
regardless of whether anti-spam scanning is enabled, but you do need to have Anti-Spam or Intelligent
Multi-Scan enabled globally on the aplliance in order to scan for non-viral threats.
Note
If you have not already agreed to the license during system setup (see
must click Enable on the Security Services > Outbreak Filters page, and then read and agree to the
license.
license.
Enabling Adaptive Rules
Adaptive Scanning enables the use of Adaptive Rules in Outbreak Filters. A set of factors or traits (file
size, etc.) are used to determine the likelihood of a message being part of an outbreak when no virus
signature or spam criteria relating to the message’s content is available. To enable Adaptive Scanning,
check the box next to Enable Adaptive Rules on the Outbreak Filters Global Settings page, and click
Submit.
size, etc.) are used to determine the likelihood of a message being part of an outbreak when no virus
signature or spam criteria relating to the message’s content is available. To enable Adaptive Scanning,
check the box next to Enable Adaptive Rules on the Outbreak Filters Global Settings page, and click
Submit.
Enabling Alerts for Outbreak Filters
Check the box labeled “Emailed Alerts” to enable alerting for the Outbreak Filters feature. Enabling
emailed alerts for Outbreak Filters merely enables the alerting engine to send alerts regarding Outbreak
Filters. Specifying which alerts are sent and to which email addresses is configured via the Alerts page
in the System Administration tab. For more information on configuring alerts for Outbreak Filters, see
emailed alerts for Outbreak Filters merely enables the alerting engine to send alerts regarding Outbreak
Filters. Specifying which alerts are sent and to which email addresses is configured via the Alerts page
in the System Administration tab. For more information on configuring alerts for Outbreak Filters, see
Outbreak Filters Rules
Outbreak Rules are published by the Cisco Security Intelligence Operations and your appliance checks
for and downloads new outbreak rules every 5 minutes. You can change this update interval. See
for and downloads new outbreak rules every 5 minutes. You can change this update interval. See