Cisco Cisco Email Security Appliance C160 Mode D'Emploi
14-5
Cisco AsyncOS 9.0 for Email User Guide
Chapter 14 Outbreak Filters
How Outbreak Filters Work
See
for more information on how Outbreak Filters quarantine
suspicious messages.
Redirecting URLs
When CASE scans a message at the Outbreak Filters stage, it searches for URLs in the message body in
addition to other suspicious content. CASE uses published Outbreak Rules to evaluate whether the
message is a threat and then scores the message with the appropriate threat level. Depending on the threat
level, Outbreak Filters protects the recipient by rewriting all the URLs to redirect the recipient to the
Cisco web security proxy, except for URLs pointing to bypassed domains, and delaying the delivery of
the message in order for TOC to learn more about the website if it appears to be part of a larger outbreak.
See
addition to other suspicious content. CASE uses published Outbreak Rules to evaluate whether the
message is a threat and then scores the message with the appropriate threat level. Depending on the threat
level, Outbreak Filters protects the recipient by rewriting all the URLs to redirect the recipient to the
Cisco web security proxy, except for URLs pointing to bypassed domains, and delaying the delivery of
the message in order for TOC to learn more about the website if it appears to be part of a larger outbreak.
See
for more information on bypassing URLs for
trusted domains.
After the Email Security appliance releases and delivers the message, any attempt by the recipient to
access the website is redirected through the Cisco web security proxy. This is an external proxy hosted
by Cisco that displays a splash screen that warns the user that the website may be dangerous, if the
website is still operational. If the website has been taken offline, the splash screen displays an error
message.
access the website is redirected through the Cisco web security proxy. This is an external proxy hosted
by Cisco that displays a splash screen that warns the user that the website may be dangerous, if the
website is still operational. If the website has been taken offline, the splash screen displays an error
message.
If the recipient decides to click the message’s URLs, the Cisco web security proxy displays a splash
screen in the user’s web browser to warn the user about the content of the message.
screen in the user’s web browser to warn the user about the content of the message.
shows
an example of the splash screen warning. The recipient can either click Ignore this warning to continue
on to the website or Exit to leave and safely close the browser window.
on to the website or Exit to leave and safely close the browser window.
Figure 14-1
Cisco Security Splash Screen Warning
The only way to access the Cisco web security proxy is through a rewritten URL in a message. You
cannot access the proxy by typing a URL in your web browser.
cannot access the proxy by typing a URL in your web browser.
Note
You can customize the appearance of this splash screen and display your organization’s branding such
as company logo, contact information, and so on. See
as company logo, contact information, and so on. See
.