Cisco Cisco Email Security Appliance X1070 Mode D'Emploi
Chapter 10 Outbreak Filters
10-20
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Managing Outbreak Filter Rules
Because the Outbreak Filters Rules are automatically downloaded for you, there
really is no management needed on the part of the user.
really is no management needed on the part of the user.
However, if for some reason your Cisco IronPort appliance is not able to reach
Cisco IronPort’s update servers for new rules over a period of time, it is possible
that your locally-cached scores are no longer valid, i.e., if a known viral
attachment type now has an update in the anti-virus software and/or is no longer
a threat. At this time, you may wish to no longer quarantine messages with these
characteristics.
Cisco IronPort’s update servers for new rules over a period of time, it is possible
that your locally-cached scores are no longer valid, i.e., if a known viral
attachment type now has an update in the anti-virus software and/or is no longer
a threat. At this time, you may wish to no longer quarantine messages with these
characteristics.
You can manually update the current outbreak rules by clicking Update Rules
Now. This is identical to issuing the
Now. This is identical to issuing the
outbreakupdate
command via the CLI (see
the Cisco IronPort AsyncOS CLI Reference Guide).
Updating Outbreak Filter Rules
By default, your Cisco IronPort appliance will attempt to download new Outbreak
Filters rules every 5 minutes. You can change this interval via the Security
Services > Service Updates page. For more information, see
Filters rules every 5 minutes. You can change this interval via the Security
Services > Service Updates page. For more information, see
The Outbreak Filters Feature and Mail Policies
The Outbreak Filters feature has settings that can be set per mail policy. The
Outbreak Filters feature can be enabled or disabled for each mail policy on the
appliance. Specific file extensions and domains can be exempted from processing
by the Outbreak Filters feature, per mail policy. This functionality is also
available via the
Outbreak Filters feature can be enabled or disabled for each mail policy on the
appliance. Specific file extensions and domains can be exempted from processing
by the Outbreak Filters feature, per mail policy. This functionality is also
available via the
policyconfig
CLI command (see the Cisco IronPort AsyncOS
CLI Reference Guide).
Note
IronPort Anti-Spam or Intelligent Multi-Scan scanning needs to be enabled
globally on an appliance in order for the Outbreak Filters feature to scan for
non-viral threats.
globally on an appliance in order for the Outbreak Filters feature to scan for
non-viral threats.