Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 14 Outbreak Filters
How Outbreak Filters Work
• Delay. Outbreak Filters quarantines messages that may be part of a virus outbreak or non-viral attack. While the message is quarantined, the appliance receives updated outbreak information and rescans the message to confirm whether it's part of an attack.
• Redirect. Outbreak Filters rewrites the URLs in non-viral attack messages to redirect the recipient through the Cisco web security proxy if they attempt to access any of the linked websites. The proxy displays a splash screen that warns the user that the website may contain malware, if the website is still operational, or displays an error message if the website has been taken offline. See for more information on redirecting URLs.
• Modify. In addition to rewriting URLs in non-viral threat messages, Outbreak Filters can modify a message's subject and add a disclaimer above the message body to warn users about the message's content. See
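The Redirect and Modify actions described above, sketched as an added example; this is not Cisco's implementation or code from the guide. The proxy address, subject tag, disclaimer wording and all function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email.message import EmailMessage
from urllib.parse import quote

# Assumed values: the guide gives neither the proxy address nor the wording.
PROXY = "https://proxy.example.invalid/check?u="
SUBJECT_TAG = "[Possible phishing] "
DISCLAIMER = "Warning: this message may be part of a non-viral attack."
# Deliberately simple matcher: stops at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def rewrite_url(url: str) -> str:
    """Route one URL through the proxy; already-rewritten URLs are left alone."""
    return url if url.startswith(PROXY) else PROXY + quote(url, safe="")

def rewrite_text(text: str) -> str:
    """Rewrite every http(s) URL found in a text or HTML body."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), text)

def redirect_and_modify(msg: EmailMessage) -> EmailMessage:
    """Rewrite URLs in text parts, add the disclaimer above each body, tag the subject."""
    for part in msg.walk():
        if part.is_multipart() or part.is_attachment():
            continue  # containers and attachments are not touched
        subtype = part.get_content_subtype()
        if part.get_content_maintype() != "text" or subtype not in ("plain", "html"):
            continue
        body = rewrite_text(part.get_content())
        banner = f"<p>{DISCLAIMER}</p>\n" if subtype == "html" else DISCLAIMER + "\n\n"
        part.set_content(banner + body, subtype=subtype)
    subject = msg.get("Subject", "")
    del msg["Subject"]
    msg["Subject"] = SUBJECT_TAG + subject
    return msg

def sample_message() -> EmailMessage:
    """Constructed sample: a two-part message with one link in each part."""
    msg = EmailMessage()
    msg["From"] = "support@shop.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Reset your password"
    msg.set_content("Reset here: http://login.example.test/reset?id=1 today\n")
    msg.add_alternative('<a href="http://login.example.test/reset?id=1">Reset</a>\n',
                        subtype="html")
    return msg

if __name__ == "__main__":
    print(redirect_and_modify(sample_message()).as_string())
```

Because the original destination is percent-encoded into a single query parameter, the proxy can decode it at click time and decide whether to show the warning or the error page.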
Threat Categories
The Outbreak Filters feature provides protection from two categories of message-based outbreaks: virus outbreaks, which are messages with never-before-seen viruses in their attachments, and non-viral threats, which include phishing attempts, scams, and malware distribution through links to an external website.
By default, the Outbreak Filters feature scans your incoming and outgoing messages for possible viruses during an outbreak. You can enable scanning for non-viral threats in addition to virus outbreaks if you enable anti-spam scanning on the appliance.
Note
Your appliance needs a feature key for Cisco Anti-Spam or Cisco Intelligent Multi-Scan in order for Outbreak Filters to scan for non-viral threats.
Virus Outbreaks
The Outbreak Filters feature provides you with a head start when battling virus outbreaks. An outbreak occurs when messages with attachments containing never-before-seen viruses or variants of existing viruses spread quickly through private networks and the Internet. As these new viruses or variants hit the Internet, the most critical period is the window of time between when the virus is released and when the anti-virus vendors release an updated virus definition. Having advance notice — even a few hours — is vital to curbing the spread of the malware or virus. During that vulnerability window, the newly found virus can propagate globally, bringing email infrastructure to a halt.
Phishing, Malware Distribution, and Other Non-Viral Threats
Messages containing non-viral threats are designed to look like messages from legitimate sources and are often sent out to a small number of recipients. These messages may have one or more of the following characteristics in order to appear trustworthy:
• The recipient's contact information.
• HTML content designed to mimic emails from legitimate sources, such as social networks and online retailers.
• URLs pointing to websites that have new IP addresses and are online only for a short time, which means that email and web security services do not have enough information on the website to determine if it is malicious.