Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
10-23
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use
the Outbreak Filters settings that are defined for the default mail policy. If the
default mail policy has the Outbreak Filters feature enabled, all other mail policies
use the same Outbreak Filter settings unless they are customized.
the Outbreak Filters settings that are defined for the default mail policy. If the
default mail policy has the Outbreak Filters feature enabled, all other mail policies
use the same Outbreak Filter settings unless they are customized.
Once you have made your changes, commit your changes.
Setting a Quarantine Level Threshold
Select a Quarantine Threat Level threshold for outbreak threats from the list. A
smaller number means that you will be quarantining more messages, while a
larger number results in fewer messages quarantined. Cisco recommends the
default value of 3.
smaller number means that you will be quarantining more messages, while a
larger number results in fewer messages quarantined. Cisco recommends the
default value of 3.
For more information, see
Maximum Quarantine Retention
Specify the maximum amount of time in either hours or days that messages stay
in the Outbreak Quarantine. You can specify different retention times for
messages that may contain viral attachments and messages that may contain other
threats, like phishing or malware links. You cannot quarantine non-viral threats
unless you enable Message Modification for the policy.
in the Outbreak Quarantine. You can specify different retention times for
messages that may contain viral attachments and messages that may contain other
threats, like phishing or malware links. You cannot quarantine non-viral threats
unless you enable Message Modification for the policy.
CASE recommends a quarantine retention period when assigning the threat level
to the message. The Email Security appliance keeps the message quarantined for
the length of time that CASE recommends unless it exceeds the maximum
quarantine retention time for its threat type.
to the message. The Email Security appliance keeps the message quarantined for
the length of time that CASE recommends unless it exceeds the maximum
quarantine retention time for its threat type.
Bypassing File Extension Types
You can modify a policy to bypass specific file types. Bypassed file extensions are
not included when CASE calculates the threat level for the message; however, the
attachments are still processed by the rest of the email security pipeline.
not included when CASE calculates the threat level for the message; however, the
attachments are still processed by the rest of the email security pipeline.
To bypass a file extension, click Bypass Attachment Scanning, select or type in a
file extension, and click Add Extension. AsyncOS displays the extension type in
the File Extensions to Bypass list.
file extension, and click Add Extension. AsyncOS displays the extension type in
the File Extensions to Bypass list.