Cisco Email Security Appliance C160 User Manual
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
Outbreak Filters protects your users and network by quarantining suspect
messages for a limited period of time, giving Cisco and other vendors time to
investigate the new outbreak.
When a virus outbreak occurs, suspicious messages with attachments are
quarantined until updated Outbreak Rules and new anti-virus signatures show
whether the email’s attachment is clean or a virus.
Small-scale, non-viral threats contain URLs to malicious websites that may be
online for only a short period of time in order to evade detection by web security
services, or that are reached through URL shortening services in order to
circumvent web security by putting a trustworthy website in the middle. By quarantining messages
containing URLs that meet your threat level threshold, not only does CASE have
the opportunity to reevaluate the message’s content based on updated Outbreak
Rules from SIO, but the messages can remain in the quarantine long enough that
the linked website may go offline or be blocked by a web security solution.
See
quarantine suspicious messages.
Redirecting URLs
When CASE scans a message at the Outbreak Filters stage, it searches for URLs
in the message body in addition to other suspicious content. CASE uses published
Outbreak Rules to evaluate whether the message is a threat and then scores the
message with the appropriate threat level. Depending on the threat level, Outbreak
Filters protects the recipient by rewriting all the URLs to redirect the recipient to
the Cisco web security proxy, except for URLs pointing to bypassed domains, and
delaying the delivery of the message in order for TOC to learn more about the
website if it appears to be part of a larger outbreak. See
for more information on bypassing URLs for
trusted domains.
After the Email Security appliance releases and delivers the message, any attempt
by the recipient to access the website is redirected through the Cisco web security
proxy. This is an external proxy hosted by Cisco that displays a splash screen that
warns the user that the website may be dangerous, if the website is still
operational. If the website has been taken offline, the splash screen displays an
error message.
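
A sketch of the rewrite decision described in this section, added here as an illustration and not Cisco's or AsyncOS's own code. The proxy prefix, the bypass list, the numeric threshold and all function names are constructed assumptions; the example shows why bypassed domains must be matched on whole domain labels so that a look-alike host is still rewritten.

```python
import re
from urllib.parse import quote, urlsplit

# All values below are constructed placeholders, not Cisco's real settings.
PROXY_PREFIX = "https://proxy.example.invalid/redirect?u="
BYPASS_DOMAINS = {"example.com"}
THREAT_THRESHOLD = 3

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message body.
SAMPLE = ("Reset here: http://short.example.net/a1. "
          "Docs: https://www.example.com/help "
          "Also http://example.com.evil.test/login")


def is_bypassed(host, bypass=BYPASS_DOMAINS):
    """True only if host equals a bypassed domain or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in bypass)


def rewrite_urls(body, threat_level, threshold=THREAT_THRESHOLD):
    """Rewrite every non-bypassed URL in body once the threshold is met.

    Returns (new_body, list_of_original_urls_that_were_rewritten).
    """
    if threat_level < threshold:
        return body, []
    rewritten = []

    def _sub(match):
        url, trail = match.group(0), ""
        # Trailing punctuation belongs to the sentence, not to the URL.
        while url and url[-1] in ".,;:!?)":
            url, trail = url[:-1], url[-1] + trail
        try:
            host = urlsplit(url).hostname
        except ValueError:
            host = None  # unparsable host: never treat it as bypassed
        if is_bypassed(host):
            return url + trail
        rewritten.append(url)
        return PROXY_PREFIX + quote(url, safe="") + trail

    return URL_RE.sub(_sub, body), rewritten


if __name__ == "__main__":
    print(rewrite_urls(SAMPLE, threat_level=4)[0])
```
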