Cisco Cisco Email Security Appliance C170 Mode D'Emploi
10-351
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 10 Virus Outbreak Filters
AsyncOS has two types of alerts for the Virus Outbreak Filter feature: size and
rule
rule
AsyncOS alerts are generated whenever the Outbreak quarantine’s size goes
above 5, 50, 75, and 95 of the maximum size. The alert generated for the 95%
threshold has a severity of CRITICAL, while the remaining alert thresholds are
WARNING. Alerts are generated when the threshold is crossed as the quarantine
size increases. Alerts are not generated when thresholds are crossed as the
quarantine size decreases. For more information about alerts, see
above 5, 50, 75, and 95 of the maximum size. The alert generated for the 95%
threshold has a severity of CRITICAL, while the remaining alert thresholds are
WARNING. Alerts are generated when the threshold is crossed as the quarantine
size increases. Alerts are not generated when thresholds are crossed as the
quarantine size decreases. For more information about alerts, see
AsyncOS also generates alerts when rules are published, the threshold changes,
or when a problem occurs while updating rules or the CASE engine.
or when a problem occurs while updating rules or the CASE engine.
Troubleshooting The Virus Outbreak Filters Feature
This section provides some basic troubleshooting tips for the Virus Outbreak
Filters feature.
Filters feature.
Use the checkbox on the Manage Quarantine page for the Outbreak quarantine to
notify IronPort of mis-classifications.
notify IronPort of mis-classifications.
Optionally, you can use the following email address to report mis-classifications
to IronPort Systems:
to IronPort Systems:
•
clean@ironport.com
•
outbreaks@ironport.com — for reporting messages sent to the outbreak
quarantine for investigation.
quarantine for investigation.
Multiple Attachments and Bypassed Filetypes
Bypassed file types are only excluded if a message’s only attachment is of that
type, or in the case of multiple attachments, if the other attachments do not yet
have existing rules. Otherwise the message is scanned.
type, or in the case of multiple attachments, if the other attachments do not yet
have existing rules. Otherwise the message is scanned.
Message and Content Filters and the Email Pipeline
Message and content filters are applied to messages prior to scanning by Virus
Outbreak Filters. Filters can cause messages to skip or bypass the Virus Outbreak
Filters scanning.
Outbreak Filters. Filters can cause messages to skip or bypass the Virus Outbreak
Filters scanning.