Cisco Email Security Appliance C160 User Guide

Chapter 10      Outbreak Filters
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Outbreak Lifecycle and Rules Publishing
Very early in a virus outbreak’s lifecycle, broader rules are used to quarantine 
messages. As more information becomes available, increasingly focused rules are 
published, narrowing the definition of what is quarantined. As the new rules are 
published, messages that are no longer considered possible virus messages are 
released from quarantine (messages in the outbreak quarantine are rescanned as 
new rules are published).
Table 10-1 shows an example of a virus outbreak’s life cycle.
Managing Outbreak Filters (GUI)
Log in to the Graphical User Interface (GUI), select Security Services in the 
menu, and click Outbreak Filters.
Table 10-3 Example Rules for an Outbreak Lifecycle

| Time | Rule Type | Rule Description | Action |
|---|---|---|---|
| T=0 | Adaptive Rule (based on past outbreaks) | A consolidated rule set based on over 100K message attributes, which analyzes message content, context and structure | Messages are automatically quarantined if they match Adaptive Rules |
| T=5 min | Outbreak Rule | Quarantine messages containing .zip (exe) files | Quarantine all attachments that are .zips containing a .exe |
| T=10 min | Outbreak Rule | Quarantine messages that have .zip (exe) files greater than 50 KB | Any message with .zip (exe) files that are less than 50 KB would be released from quarantine |
| T=20 min | Outbreak Rule | Quarantine messages that have .zip (exe) files between 50 and 55 KB, and have “Price” in the file name | Any message that does not match these criteria would be released from quarantine |
| T=12 hours | Outbreak Rule | Scan against new signature | All remaining messages are scanned against the latest anti-virus signature |
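
The rescan-and-release behaviour described under "Outbreak Lifecycle and Rules Publishing" can be replayed with the three Outbreak Rules from the table above. This is an added, simplified model and not Cisco's implementation: the `Message` fields, the `replay` function, the sample messages, the size boundaries and the case-insensitive file name match are all assumptions made for illustration.

```python
from dataclasses import dataclass

KB = 1024  # assumption: the table's "KB" is read as 1024 bytes

@dataclass(frozen=True)
class Message:
    msg_id: str
    attachment: str   # attachment file name
    has_exe: bool     # archive contains a .exe
    size: int         # attachment size in bytes

def zip_exe(m):
    return m.attachment.lower().endswith(".zip") and m.has_exe

# Outbreak Rules from the table as (minutes after T=0, predicate).
# Boundary handling (> 50 KB, <= 55 KB) and the case-insensitive
# "Price" match are assumptions; the table does not specify them.
RULES = [
    (5, zip_exe),
    (10, lambda m: zip_exe(m) and m.size > 50 * KB),
    (20, lambda m: zip_exe(m) and 50 * KB < m.size <= 55 * KB
                   and "price" in m.attachment.lower()),
]

def replay(quarantine, rules=RULES):
    """Rescan the held messages each time a rule is published.
    Returns ({msg_id: release minute}, [msg_ids still held])."""
    held, released = list(quarantine), {}
    for minute, rule in rules:
        still_held = []
        for m in held:
            if rule(m):
                still_held.append(m)      # still a possible virus message
            else:
                released[m.msg_id] = minute  # narrower rule no longer matches
        held = still_held
    return released, [m.msg_id for m in held]

# Constructed sample: messages already quarantined by the Adaptive Rule at T=0.
SAMPLE = [
    Message("m1", "invoice.pdf", False, 30 * KB),
    Message("m2", "photos.zip", True, 12 * KB),
    Message("m3", "update.zip", True, 80 * KB),
    Message("m4", "Price_list.zip", True, 52 * KB),
    Message("m5", "catalog.zip", True, 53 * KB),
]

if __name__ == "__main__":
    released, held = replay(SAMPLE)
    print("released:", released)
    print("still held:", held)
```

Only the message that matches the narrowest rule stays held for the T=12 hours signature scan; every other message leaves quarantine at the first publication whose rule it no longer matches.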