Cisco Cisco Email Security Appliance C190 Guía Del Usuario
Chapter 10 Outbreak Filters
10-24
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
To remove an extension from the list of bypassed extensions, click the trash can
icon next to the extension in the File Extensions to Bypass list.
icon next to the extension in the File Extensions to Bypass list.
Bypassing File Extensions: Container File Types
When bypassing file extensions, files within container files (a .doc file within a
.zip, for example) are bypassed if the extension is in the list of extensions to
bypass. For example, if you add .doc to the list of extensions to bypass, all .doc
files, even those within container files are bypassed.
.zip, for example) are bypassed if the extension is in the list of extensions to
bypass. For example, if you add .doc to the list of extensions to bypass, all .doc
files, even those within container files are bypassed.
Message Modification
Enable Message Modification if you want the appliance to scan messages for
non-viral threats, such as phishing attempts or links to malware websites.
non-viral threats, such as phishing attempts or links to malware websites.
Based on the message’s threat level, AsyncOS can modify the message to rewrite
all of the URLs to redirect the recipient through the Cisco web security proxy if
they attempt to open the website from the message. The appliance can also add a
disclaimer to the message to alert the user that the message’s content is suspicious
or malicious.
all of the URLs to redirect the recipient through the Cisco web security proxy if
they attempt to open the website from the message. The appliance can also add a
disclaimer to the message to alert the user that the message’s content is suspicious
or malicious.
You need to enable message modification in order to quarantine non-viral threat
messages.
messages.
Message Modification Threat Level
Select a Message Modification Threat Level threshold from the list. This setting
determines whether to modify a message based on the threat level returned by
CASE. A smaller number means that you will be modifying more messages, while
a larger number results in fewer messages being modified. Cisco recommends the
default value of 3.
determines whether to modify a message based on the threat level returned by
CASE. A smaller number means that you will be modifying more messages, while
a larger number results in fewer messages being modified. Cisco recommends the
default value of 3.
Message Subject
You can alter the text of the Subject header on non-viral threat messages
containing modified links by prepending or appending certain text strings to
notify users that the message has been modified for their protection.
containing modified links by prepending or appending certain text strings to
notify users that the message has been modified for their protection.