Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 15 Outbreak Filters
Managing Outbreak Filters
Note
Anti-Spam or Intelligent Multi-Scan scanning needs to be enabled globally on an appliance in order for
the Outbreak Filters feature to scan for non-viral threats.
To modify the Outbreak Filters feature settings for a specific mail policy, click the link in the Outbreak
Filters column of the policy to change.
To enable and customize the Outbreak Filters feature for a particular mail policy, select Enable
Outbreak Filtering (Customize Settings).
You can configure the following Outbreak Filter settings for a mail policy:
• Quarantine threat level
• Maximum quarantine retention time
• Deliver non-viral threat messages immediately without adding them to quarantine
• File extension types for bypassing
• Message modification threshold
• Alter subject header using custom text and Outbreak Filter variables such as $threat_verdict, $threat_category, $threat_type, $threat_description, and $threat_level.
• Include the following email headers:
  – X-IronPort-Outbreak-Status
  – X-IronPort-Outbreak-Description
• Send the message to an alternate destination such as an Email Security Appliance or an exchange server.
• URL rewriting
• Threat disclaimer
Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use the Outbreak Filters
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.
Once you have made your changes, commit your changes.
Setting a Quarantine Level Threshold
Select a Quarantine Threat Level threshold for outbreak threats from the list. A smaller number means
that you will be quarantining more messages, while a larger number results in fewer messages
quarantined. Cisco recommends the default value of 3.
For more information, see
.
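The following added example is not from the Cisco guide. It is a downstream check that reads the X-IronPort-Outbreak-Status header listed above and shows how the Quarantine Threat Level threshold changes the number of messages held. The header value layout (`verdict, level N, category - type`), the "level at or above threshold" rule, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed value layout (not given on this page):
#   <verdict>, level <n>, <category> - <type>
STATUS_RE = re.compile(
    r"^\s*(?P<verdict>[^,]+),\s*level\s+(?P<level>\d+),\s*"
    r"(?P<category>.+?)\s+-\s+(?P<type>.+?)\s*$"
)

def parse_outbreak_status(raw_message):
    """Return the parsed status fields, or None if the header is absent or malformed."""
    msg = message_from_string(raw_message)
    value = msg.get("X-IronPort-Outbreak-Status")
    if value is None:
        return None
    match = STATUS_RE.match(" ".join(value.split()))  # collapse folded header lines
    if match is None:
        return None
    fields = match.groupdict()
    fields["level"] = int(fields["level"])
    fields["description"] = msg.get("X-IronPort-Outbreak-Description", "")
    return fields

def would_quarantine(fields, threshold):
    """Assumption: a message is held when its threat level is at or above the threshold."""
    return fields is not None and fields["level"] >= threshold

def quarantined_count(messages, threshold):
    """Count the messages a given threshold would send to quarantine."""
    return sum(would_quarantine(parse_outbreak_status(m), threshold) for m in messages)

# Constructed sample messages (not real appliance output).
SAMPLES = [
    "Subject: invoice\nX-IronPort-Outbreak-Status: Yes, level 4, Phish - Password\n"
    "X-IronPort-Outbreak-Description: constructed sample description\n\nbody\n",
    "Subject: offer\nX-IronPort-Outbreak-Status: Yes, level 2, Scam - Lottery\n\nbody\n",
    "Subject: hello\nX-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown\n\nbody\n",
    "Subject: no header\n\nbody\n",
    "Subject: damaged\nX-IronPort-Outbreak-Status: garbled\n\nbody\n",
]

if __name__ == "__main__":
    for threshold in (1, 2, 3, 4, 5):
        print(threshold, quarantined_count(SAMPLES, threshold))
```

Messages with a missing or unparseable header are counted as not quarantined here, so track them separately if their absence matters to your monitoring.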