Cisco Email Security Appliance C160 User Guide

Chapter 10: Outbreak Filters
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
The SIO website provides a list of current non-viral threats, including spam, 
phishing, and malware distribution attempts:
http://tools.cisco.com/security/center/home.x

Context Adaptive Scanning Engine
Outbreak Filters are powered by Cisco IronPort’s unique Context Adaptive 
Scanning Engine (CASE). CASE leverages over 100,000 adaptive message 
attributes tuned automatically and on a regular basis, based on real-time analysis 
of messaging threats. 
For virus outbreaks, CASE analyzes the message content, context and structure to 
accurately determine likely Adaptive Rule triggers. CASE combines Adaptive 
Rules and the real-time Outbreak Rules published by SIO to evaluate every 
message and assign a unique threat level. 
To detect non-viral threats, CASE scans messages for URLs and uses Outbreak 
Rules from SIO to evaluate a message’s threat level if one or more URLs are 
found.
Based on the message’s threat level, CASE recommends a period of time to 
quarantine the message to prevent an outbreak. CASE also determines the rescan 
intervals so it can reevaluate the message based on updated Outbreak Rules from 
SIO. The higher the threat level, the more often it rescans the message while it is 
quarantined.
CASE also rescans messages when they’re released from the quarantine. A 
message can be quarantined again if CASE determines that it is spam or contains 
a virus upon rescan.
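
The quarantine-and-rescan cycle described above can be modelled as a small scheduler. This is an added illustration, not Cisco code and not how CASE is implemented. The numeric threat levels, hold times, rescan intervals, quarantine threshold and rule-feed format are all assumptions chosen for the example, and the anti-spam/anti-virus verdict applied on release is not modelled.

```python
import heapq

# Assumed policy, NOT Cisco's real values: threat level -> (max hold h, rescan interval h).
POLICY = {3: (12, 4), 4: (24, 2), 5: (48, 1)}
THRESHOLD = 3  # assumed: levels below this are delivered without quarantine

def score(msg, rules, now):
    """Threat level from the newest rule set published at or before `now`."""
    _, levels = max((r for r in rules if r[0] <= now), key=lambda r: r[0])
    return max((levels.get(u, 0) for u in msg["urls"]), default=0)

def simulate(messages, rules):
    """Return {msg id: (exit hour, outcome, rescans)} for constructed messages."""
    result, heap = {}, []
    by_id = {m["id"]: m for m in messages}
    rescans = dict.fromkeys(by_id, 0)
    for m in messages:
        level = score(m, rules, m["arrival"])
        if level < THRESHOLD:
            result[m["id"]] = (m["arrival"], "delivered", 0)
        else:
            heapq.heappush(heap, (m["arrival"] + POLICY[level][1], m["id"]))
    while heap:
        now, mid = heapq.heappop(heap)
        m = by_id[mid]
        level = score(m, rules, now)          # rescan with the latest rules
        rescans[mid] += 1
        if level < THRESHOLD:                 # rules downgraded the threat
            result[mid] = (now, "released early", rescans[mid])
            continue
        hold, interval = POLICY[level]
        expiry = m["arrival"] + hold
        if now >= expiry:                     # recommended hold time is over
            result[mid] = (now, "released at expiry", rescans[mid])
        else:                                 # higher level -> shorter interval
            heapq.heappush(heap, (min(now + interval, expiry), mid))
    return result

# Constructed rule feed: (publication hour, {URL host: threat level}).
RULES = [(0, {"promo.example": 4, "login.example": 5}),
         (3, {"promo.example": 1, "login.example": 5})]   # hour 3: promo downgraded
MESSAGES = [{"id": "A", "arrival": 0, "urls": ["promo.example"]},
            {"id": "B", "arrival": 0, "urls": ["login.example"]},
            {"id": "C", "arrival": 1, "urls": ["news.example"]}]

if __name__ == "__main__":
    for mid, outcome in sorted(simulate(MESSAGES, RULES).items()):
        print(mid, outcome)
```

In this run, message A leaves quarantine at its first rescan after the hour-3 rule update, while message B keeps its top threat level and is rescanned every hour until its hold time ends.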
For more information about CASE, see

Delaying Messages
The period between when an outbreak or email attack occurs and when software 
vendors release updated rules is when your network and your users are the most 
vulnerable. A modern virus can propagate globally and a malicious website can 
deliver malware or collect your users’ sensitive information during this period.