Cisco Email Security Appliance C160 User Manual

14-11
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 14      Outbreak Filters
Outbreak Lifecycle and Rules Publishing

Very early in a virus outbreak’s life cycle, broader rules are used to quarantine messages. As more information becomes available, increasingly focused rules are published, narrowing the definition of what is quarantined. As the new rules are published, messages that are no longer considered possible virus messages are released from quarantine (messages in the outbreak quarantine are rescanned as new rules are published).

Table 14-3   Example Rules for an Outbreak Lifecycle

| Time | Rule Type | Rule Description | Action |
| --- | --- | --- | --- |
| T=0 | Adaptive Rule (based on past outbreaks) | A consolidated rule set based on over 100K message attributes, which analyzes message content, context and structure | Messages are automatically quarantined if they match Adaptive Rules |
| T=5 min | Outbreak Rule | Quarantine messages containing .zip (exe) files | Quarantine all attachments that are .zips containing a .exe |
| T=10 min | Outbreak Rule | Quarantine messages that have .zip (exe) files greater than 50 KB | Any message with .zip (exe) files that are less than 50 KB would be released from quarantine |
| T=20 min | Outbreak Rule | Quarantine messages that have .zip (exe) files between 50 to 55 KB, and have “Price” in the file name | Any message that does not match these criteria would be released from quarantine |
| T=12 hours | Outbreak Rule | Scan against new signature | All remaining messages are scanned against the latest anti-virus signature |

Managing Outbreak Filters

Log in to the Graphical User Interface (GUI), select Security Services in the menu, and click Outbreak Filters.
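The lifecycle described under "Outbreak Lifecycle and Rules Publishing" and the rule sequence in Table 14-3 can be modelled as a quarantine that rescans every held message each time a narrower rule is published, releasing whatever the new rule no longer matches. The following Python is an added illustration, not code from the Cisco AsyncOS product or this guide: the message attributes, the five sample messages and the approximation of the T=0 adaptive rule as "any .zip attachment" are all constructed assumptions (real adaptive rules weigh many more attributes), and the T=12 h step is represented only as the list of messages still held for the anti-virus rescan.

```python
"""Toy model of the Outbreak Filters rule lifecycle (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Attachment:
    filename: str
    size_kb: int
    is_zip: bool = False
    zip_contains_exe: bool = False  # the table's ".zip (exe)" case


@dataclass(frozen=True)
class Message:
    msg_id: str
    attachments: Tuple[Attachment, ...]


@dataclass(frozen=True)
class OutbreakRule:
    published_at_min: int
    description: str
    matches: Callable[[Message], bool]


def zip_exe(att: Attachment) -> bool:
    return att.is_zip and att.zip_contains_exe


# Predicates built from the rows of Table 14-3. The T=0 adaptive rule is
# approximated (assumption) as "any .zip attachment".
RULES: List[OutbreakRule] = [
    OutbreakRule(0, "Adaptive rule (approximated as: any .zip attachment)",
                 lambda m: any(a.is_zip for a in m.attachments)),
    OutbreakRule(5, "Quarantine messages containing .zip (exe) files",
                 lambda m: any(zip_exe(a) for a in m.attachments)),
    OutbreakRule(10, "Quarantine .zip (exe) files greater than 50 KB",
                 lambda m: any(zip_exe(a) and a.size_kb > 50
                               for a in m.attachments)),
    OutbreakRule(20, ".zip (exe) between 50 and 55 KB with 'Price' in the name",
                 lambda m: any(zip_exe(a) and 50 <= a.size_kb <= 55
                               and "Price" in a.filename
                               for a in m.attachments)),
]


class OutbreakQuarantine:
    """Holds messages matched by the current rule; rescans on every publish."""

    def __init__(self) -> None:
        self.held: Dict[str, Message] = {}
        self.release_log: List[Tuple[int, str]] = []  # (minute, msg_id)
        self.current_rule: Optional[OutbreakRule] = None

    def publish(self, rule: OutbreakRule) -> None:
        """Activate a narrower rule and release held messages it no longer matches."""
        self.current_rule = rule
        for msg_id, msg in list(self.held.items()):
            if not rule.matches(msg):
                del self.held[msg_id]
                self.release_log.append((rule.published_at_min, msg_id))

    def scan_inbound(self, msg: Message) -> bool:
        """Quarantine an arriving message if the active rule matches it."""
        if self.current_rule is not None and self.current_rule.matches(msg):
            self.held[msg.msg_id] = msg
            return True
        return False

    def remaining_for_antivirus_scan(self) -> List[str]:
        """The T=12 h step: whatever is still held goes to the latest signature scan."""
        return sorted(self.held)


def run_example() -> Tuple[List[Tuple[int, str]], List[str]]:
    """Replay Table 14-3 over five constructed messages."""
    inbound = [
        Message("m1", (Attachment("invoice.zip", 40, True, True),)),
        Message("m2", (Attachment("Price_list.zip", 52, True, True),)),
        Message("m3", (Attachment("report.zip", 70, True, True),)),
        Message("m4", (Attachment("photos.zip", 60, True, False),)),
        Message("m5", (Attachment("agenda.pdf", 12),)),
    ]
    q = OutbreakQuarantine()
    q.publish(RULES[0])          # T=0: broad adaptive rule is active
    for msg in inbound:          # messages arrive while the outbreak is young
        q.scan_inbound(msg)
    for rule in RULES[1:]:       # T=5, T=10, T=20: each publish rescans the quarantine
        q.publish(rule)
    return q.release_log, q.remaining_for_antivirus_scan()


if __name__ == "__main__":
    log, remaining = run_example()
    for minute, msg_id in log:
        print(f"T={minute} min: released {msg_id}")
    print("still held for anti-virus rescan:", remaining)
```

Running it shows the narrowing in action: the non-exe zip is released at T=5, the 40 KB archive at T=10, the 70 KB archive at T=20, and only the 52 KB "Price" archive is still held when the anti-virus signature step arrives. The `release_log` is the artefact a mail administrator would want to correlate with the appliance's own quarantine reports, since each release marks a message that was delayed, not blocked.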