Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Because the Outbreak Filters Rules are automatically downloaded for you, there 
really is no management needed on the part of the user.

However, if for some reason your Cisco IronPort appliance is not able to reach 
Cisco IronPort’s update servers for new rules over a period of time, it is possible 
that your locally-cached scores are no longer valid, i.e., if a known viral 
attachment type now has an update in the anti-virus software and/or is no longer 
a threat. At this time, you may wish to no longer quarantine messages with these 
characteristics.

You can manually update the current outbreak rules by clicking Update Rules 
Now. This is identical to issuing the 

outbreakupdate

 command via the CLI (see 

the Cisco IronPort AsyncOS CLI Reference Guide).

By default, your Cisco IronPort appliance will attempt to download new Outbreak 
Filters rules every 5 minutes. You can change this interval via the Security 
Services > Service Updates page. For more information, see 

The Outbreak Filters feature has settings that can be set per mail policy. The 
Outbreak Filters feature can be enabled or disabled for each mail policy on the 
appliance. Specific file extensions and domains can be exempted from processing 
by the Outbreak Filters feature, per mail policy. This functionality is also 
available via the 

policyconfig

 CLI command (see the Cisco IronPort AsyncOS 

CLI Reference Guide).

IronPort Anti-Spam or Intelligent Multi-Scan scanning needs to be enabled 
globally on an appliance in order for the Outbreak Filters feature to scan for 
non-viral threats.