Cisco Email Security Appliance C160 User Manual

Chapter 10      Virus Outbreak Filters
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Note
If you click Clear Current Rules in the GUI or use vofflush from the CLI for 
the same effect, you are basically disabling Outbreak Rules until the next time that 
your IronPort appliance is able to download a new set of scores from SenderBase. 
Adaptive Rules are not cleared.
Updating Virus Outbreak Filter Rules
By default, your IronPort appliance will attempt to download new outbreak rules 
every 5 minutes. You can change this interval via the Security Services > Service 
Updates page. For more information, see 
.
Containers: Specific and Always Rules
Container files are files, such as zipped (.zip) archives, that contain other files. 
The TOC can publish rules that deal with specific files within archive files.
For example, if a virus outbreak is identified by the IronPort TOC to consist of a 
.zip file containing a .exe, a specific Outbreak Rule is published that sets a threat 
level for .exe files within .zip files (.zip(exe)), but does not set a specific threat 
level for any other file type contained within .zip files (e.g. .txt files). A second 
rule (.zip(*)) covers all other file types within that container file type. An Always 
rule for a container will always be used in a message's VTL calculation regardless 
of the types of files that are inside a container. An Always rule will be published 
by the TOC if all such container types are known to be dangerous.
In this example, a .foo file within a .zip file will assume the threat level of 2.
Table 10-3 Fallback Rules and Threat Level Scores

| Outbreak Rule | Threat Level | Description |
|---------------|--------------|-------------|
| .zip(exe)     | 4            | This rule sets a threat level of 4 for .exe files within .zip files. |
| .zip(doc)     | 0            | This rule sets a threat level of 0 for .doc files within .zip files. |
| .zip(*)       | 2            | This rule sets a threat level of 3 for all .zip files, regardless of the types of files they contain. |
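
The specific-then-fallback lookup described above can be sketched as follows. This is an added example, not IronPort or AsyncOS code: it applies the Threat Level column of Table 10-3 to the members of a constructed in-memory .zip. The function names, the use of the last extension, and the case-insensitive match are assumptions; Always rules and the message-level VTL calculation are not modelled, because the page does not give their notation or formula.

```python
import io
import re
import zipfile

# Rules from Table 10-3, in the page's .container(inner) notation.
RULES = {".zip(exe)": 4, ".zip(doc)": 0, ".zip(*)": 2}
RULE_RE = re.compile(r"^\.(\w+)\((\w+|\*)\)$")

def parse_rules(rules):
    """Turn {'.zip(exe)': 4} into {('zip', 'exe'): 4}."""
    parsed = {}
    for text, level in rules.items():
        m = RULE_RE.match(text)
        if not m:
            raise ValueError(f"unrecognised rule: {text!r}")
        parsed[(m.group(1).lower(), m.group(2).lower())] = level
    return parsed

def extension(name):
    """Last extension, lower-cased; '' if none (matching detail assumed)."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""

def member_levels(container_ext, data, rules):
    """Map each file in a zip archive to (matched rule, threat level)."""
    table = parse_rules(rules)
    result = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Specific rule first, then the container's (*) fallback rule.
            ext = extension(info.filename)
            key = (container_ext, ext) if (container_ext, ext) in table else (container_ext, "*")
            level = table.get(key)  # None when no rule is published at all
            result[info.filename] = (f".{key[0]}({key[1]})" if level is not None else None, level)
    return result

def build_sample_zip():
    """Constructed sample archive, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("invoice.EXE", "notes.doc", "data.foo", "README"):
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for name, (rule, level) in member_levels("zip", build_sample_zip(), RULES).items():
        print(f"{name:12} {str(rule):10} threat level {level}")
```
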