Cisco Cisco Email Security Appliance C650 Guía Del Usuario
14-16
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters (GUI)
Message Modification
Enable Message Modification if you want the appliance to scan messages for non-viral threats, such as
phishing attempts or links to malware websites.
phishing attempts or links to malware websites.
Based on the message’s threat level, AsyncOS can modify the message to rewrite all of the URLs to
redirect the recipient through the Cisco web security proxy if they attempt to open the website from the
message. The appliance can also add a disclaimer to the message to alert the user that the message’s
content is suspicious or malicious.
redirect the recipient through the Cisco web security proxy if they attempt to open the website from the
message. The appliance can also add a disclaimer to the message to alert the user that the message’s
content is suspicious or malicious.
You need to enable message modification in order to quarantine non-viral threat messages.
Message Modification Threat Level
Select a Message Modification Threat Level threshold from the list. This setting determines whether to
modify a message based on the threat level returned by CASE. A smaller number means that you will be
modifying more messages, while a larger number results in fewer messages being modified. Cisco
recommends the default value of 3.
modify a message based on the threat level returned by CASE. A smaller number means that you will be
modifying more messages, while a larger number results in fewer messages being modified. Cisco
recommends the default value of 3.
Message Subject
You can alter the text of the subject header on non-viral threat messages containing modified links to
notify users that the message has been modified for their protection. Prepend or append the subject
header with custom text, Outbreak Filter variables such as
notify users that the message has been modified for their protection. Prepend or append the subject
header with custom text, Outbreak Filter variables such as
$threat_verdict
,
$threat_category
,
$threat_type
,
$threat_description
, and
$threat_level
, or a combination of both. To insert
variables, click Insert Variables, and select from the list of variables.
White space is not ignored in the Message Subject field. Add spaces after (if prepending) or before (if
appending) the text you enter in this field to separate your added text from the original subject of the
message. For example, add the text
appending) the text you enter in this field to separate your added text from the original subject of the
message. For example, add the text
[MODIFIED FOR PROTECTION]
with a few trailing spaces if you are
prepending.
Note
The Message Subject field only accepts US-ASCII characters.
Outbreak Filters Email Headers
You can add the following additional headers to the message:
Header
Format
Example
Options
X-IronPort-Outbreak-Status
X-IronPort-Outbreak-Status:
$threat_verdict, level
$threat_level, $threat_category
- $threat_type
X-IronPort-Outbreak-Sta
tus: Yes, level 4, Phish
- Password
•
Enable for all
messages
messages
•
Enable only
for non-viral
outbreak
for non-viral
outbreak
•
Disable
X-IronPort-Outbreak-Description
X-IronPort-Outbreak-Description
: $threat_description
X-IronPort-Outbreak-Des
cription: It may trick
victims into submitting
their username and
password on a fake
website.
•
Enable
•
Disable