Cisco Email Security Appliance C160 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 36 SenderBase Network Participation
Frequently Asked Questions
Table 36-1 Statistics Shared Per Cisco Appliance (continued)

| Item | Sample Data |
| --- | --- |
| Count of Outbreak quarantine messages broken down by what action was taken upon leaving quarantine | 10 messages had attachments stripped after leaving quarantine |
| Sum of time messages were held in quarantine | 20 hours |

Table 36-2 Statistics Shared Per Sender IP Address

| Item | Sample Data |
| --- | --- |
| Message count at various stages within the appliance | Seen by Anti-Virus engine: 100; Seen by Anti-Spam engine: 80 |
| Sum of Anti-Spam and Anti-Virus scores and verdicts | 2,000 (sum of anti-spam scores for all messages seen) |
| Number of messages hitting different Anti-Spam and Anti-Virus rule combinations | 100 messages hit rules A and B; 50 messages hit rule A only |
| Number of Connections | 20 SMTP Connections |
| Number of Total and Invalid Recipients | 50 total recipients; 10 invalid recipients |
| Hashed Filename(s): (a) | A file <one-way-hash>.pif was found inside an archive attachment called <one-way-hash>.zip. |
| Obfuscated Filename(s): (b) | A file aaaaaaa0.aaa.pif was found inside a file aaaaaaa.zip. |
| URL Hostname (c) | There was a link found inside a message to www.domain.com |
| Obfuscated URL Path (d) | There was a link found inside a message to hostname www.domain.com, and had path aaa000aa/aa00aaa. |
| Number of Messages by Spam and Virus Scanning Results | 10 Spam Positive; 10 Spam Negative; 5 Spam Suspect; 4 Virus Positive; 16 Virus Negative; 5 Virus Unscannable |
| Number of messages by different Anti-Spam and Anti-Virus verdicts | 500 spam, 300 ham |
| Count of Messages in Size Ranges | 125 in 30K-35K range |
| Count of different extension types | 300 “.exe” attachments |
| Correlation of attachment types, true file type, and container type | 100 attachments that have a “.doc” extension but are actually “.exe”; 50 attachments are “.exe” extensions within a zip |