Cisco Cisco Email Security Appliance C160 Mode D'Emploi

To enable and customize the Outbreak Filters feature for a particular mail policy, select Enable 
Outbreak Filtering (Customize Settings). 

You can configure the following Outbreak Filter settings for a mail policy:

Quarantine threat level

Maximum quarantine retention time

Deliver non-viral threat messages immediately without adding them to quarantine

File extension types for bypassing

Message modification threshold

Alter subject header using custom text and Outbreak Filter variables such as 

$threat_verdict

,  

$threat_category

, 

$threat_type

, 

$threat_description

, and 

$threat_level

. 

Include the following email headers:

X-IronPort-Outbreak-Status

X-IronPort-Outbreak-Description

Send the message to an alternate destination such as an Email Security Appliance or an exchange 
server.

URL rewriting

Threat disclaimer

Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use the Outbreak Filters 
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters 
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.

Once you have made your changes, commit your changes.

Select a Quarantine Threat Level threshold for outbreak threats from the list. A smaller number means 
that you will be quarantining more messages, while a larger number results in fewer messages 
quarantined. Cisco recommends the default value of 3.

For more information, see 

.

Specify the maximum amount of time in either hours or days that messages stay in the Outbreak 
Quarantine. You can specify different retention times for messages that may contain viral attachments 
and messages that may contain other threats, like phishing or malware links. For non-viral threats, check 
the Deliver messages without adding them to quarantine check box to deliver the messages 
immediately without adding them to quarantine.