Cisco Cisco Email Security Appliance C160 Mode D'Emploi
10-15
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
•
Quarantine threat level.
•
Maximum quarantine retention time.
•
File extension types for bypassing.
•
Message modification threshold.
•
Message subject.
•
URL rewriting.
•
Threat disclaimer.
Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use the Outbreak Filters
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.
Once you have made your changes, commit your changes.
Setting a Quarantine Level Threshold
Select a Quarantine Threat Level threshold for outbreak threats from the list. A smaller number means
that you will be quarantining more messages, while a larger number results in fewer messages
quarantined. Cisco recommends the default value of 3.
that you will be quarantining more messages, while a larger number results in fewer messages
quarantined. Cisco recommends the default value of 3.
For more information, see
.
Maximum Quarantine Retention
Specify the maximum amount of time in either hours or days that messages stay in the Outbreak
Quarantine. You can specify different retention times for messages that may contain viral attachments
and messages that may contain other threats, like phishing or malware links. You cannot quarantine
non-viral threats unless you enable Message Modification for the policy.
Quarantine. You can specify different retention times for messages that may contain viral attachments
and messages that may contain other threats, like phishing or malware links. You cannot quarantine
non-viral threats unless you enable Message Modification for the policy.
CASE recommends a quarantine retention period when assigning the threat level to the message. The
Email Security appliance keeps the message quarantined for the length of time that CASE recommends
unless it exceeds the maximum quarantine retention time for its threat type.
Email Security appliance keeps the message quarantined for the length of time that CASE recommends
unless it exceeds the maximum quarantine retention time for its threat type.
Bypassing File Extension Types
You can modify a policy to bypass specific file types. Bypassed file extensions are not included when
CASE calculates the threat level for the message; however, the attachments are still processed by the rest
of the email security pipeline.
CASE calculates the threat level for the message; however, the attachments are still processed by the rest
of the email security pipeline.
To bypass a file extension, click Bypass Attachment Scanning, select or type in a file extension, and click
Add Extension. AsyncOS displays the extension type in the File Extensions to Bypass list.
Add Extension. AsyncOS displays the extension type in the File Extensions to Bypass list.
To remove an extension from the list of bypassed extensions, click the trash can icon next to the
extension in the File Extensions to Bypass list.
extension in the File Extensions to Bypass list.
Bypassing File Extensions: Container File Types
When bypassing file extensions, files within container files (a .doc file within a .zip, for example) are
bypassed if the extension is in the list of extensions to bypass. For example, if you add .doc to the list of
extensions to bypass, all .doc files, even those within container files are bypassed.
bypassed if the extension is in the list of extensions to bypass. For example, if you add .doc to the list of
extensions to bypass, all .doc files, even those within container files are bypassed.