Cisco Email Security Appliance C160 User Manual

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 15      Outbreak Filters
  Managing Outbreak Filters
Maximum Quarantine Retention
Specify the maximum amount of time that messages stay in the Outbreak Quarantine. You can specify 
different retention times for messages that may contain viral attachments and messages that may contain 
other threats, like phishing or malware links. For non-viral threats, check the Deliver messages without 
adding them to quarantine check box to deliver the messages immediately without adding them to 
quarantine.
Note
You cannot quarantine non-viral threats unless you enable Message Modification for the policy.
CASE recommends a quarantine retention period when assigning the threat level to the message. The 
Email Security appliance keeps the message quarantined for the length of time that CASE recommends 
unless it exceeds the maximum quarantine retention time for its threat type.
Bypassing File Extension Types
You can modify a policy to bypass specific file types. Bypassed file extensions are not included when 
CASE calculates the threat level for the message; however, the attachments are still processed by the rest 
of the email security pipeline.
To bypass a file extension, click Bypass Attachment Scanning, select or type in a file extension, and click 
Add Extension. AsyncOS displays the extension type in the File Extensions to Bypass list.
To remove an extension from the list of bypassed extensions, click the trash can icon next to the 
extension in the File Extensions to Bypass list.
Bypassing File Extensions: Container File Types
When bypassing file extensions, files within container files (a .doc file within a .zip, for example) are 
bypassed if the extension is in the list of extensions to bypass. For example, if you add .doc to the list of 
extensions to bypass, all .doc files, even those within container files, are bypassed.
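The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS. It models the container rule described above so an administrator can see which files in a sample attachment a bypass entry would exclude from the threat-level calculation. The bypass list, the sample archive, the case-insensitive match, and the nesting limit are assumptions made for illustration.

```python
import io
import zipfile

BYPASS = {".doc"}          # hypothetical "File Extensions to Bypass" list
MAX_MEMBER = 10 * 1024**2  # skip very large members when auditing (assumption)

def _ext(name):
    """Return the lowercased final extension of a file name, or ''."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[1].lower() if "." in base else ""

def bypassed_members(filename, data, bypass=BYPASS, depth=0, max_depth=3):
    """List every file whose extension is on the bypass list, including
    files found inside zip containers (nested up to max_depth levels)."""
    hits = [filename] if _ext(filename) in bypass else []
    buf = io.BytesIO(data)
    if depth < max_depth and zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                path = f"{filename}!{info.filename}"
                hits += bypassed_members(path, zf.read(info), bypass,
                                         depth + 1, max_depth)
    return hits

def build_sample():
    """Constructed sample: a zip with a .doc, a .pdf and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("macro.DOC", b"constructed")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs/report.doc", b"constructed")
        z.writestr("readme.pdf", b"constructed")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    # Each printed path is a file the bypass entry would leave unscored.
    for path in bypassed_members("invoice.zip", build_sample()):
        print("bypassed:", path)
```

Running such an audit over representative attachments before adding an extension shows how far a single bypass entry reaches once containers are taken into account.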
Message Modification
Enable Message Modification if you want the appliance to scan messages for non-viral threats, such as 
phishing attempts or links to malware websites. 
Based on the message’s threat level, AsyncOS can modify the message to rewrite all of the URLs to 
redirect the recipient through the Cisco web security proxy if they attempt to open the website from the 
message. The appliance can also add a disclaimer to the message to alert the user that the message’s 
content is suspicious or malicious. 
You need to enable message modification in order to quarantine non-viral threat messages.