Cisco Cisco Email Security Appliance C670 ユーザーガイド
10-25
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
Note
White space is not ignored in the Message Subject field. Add spaces after (if
prepending) or before (if appending) the text you enter in this field to separate
your added text from the original subject of the message. For example, add the
text
prepending) or before (if appending) the text you enter in this field to separate
your added text from the original subject of the message. For example, add the
text
[MODIFIED FOR PROTECTION]
with a few trailing spaces if you are prepending.
Note
The Message Subject field only accepts US-ASCII characters.
URL Rewriting and Bypassing Domains
If the message’s threat level exceeds the message modification threshold, the
Outbreak Filters feature rewrites all URLs in the message to redirect the user to
the Cisco web security proxy’s splash page if they click on any of them. (See
Outbreak Filters feature rewrites all URLs in the message to redirect the user to
the Cisco web security proxy’s splash page if they click on any of them. (See
for more information.) If the message’s threat level
exceeds the quarantine threshold, the appliance also quarantines the message. If a
small scale, non-viral outbreak is in progress, quarantining the message gives
TOC time to analyze any suspect websites linked from possible outbreak
messages and determine whether the websites are malicious. CASE uses updated
Outbreak Rules from SIO to rescan the message to determine if it is part of the
outbreak. After the retention period expires, the appliance releases the message
from the quarantine.
small scale, non-viral outbreak is in progress, quarantining the message gives
TOC time to analyze any suspect websites linked from possible outbreak
messages and determine whether the websites are malicious. CASE uses updated
Outbreak Rules from SIO to rescan the message to determine if it is part of the
outbreak. After the retention period expires, the appliance releases the message
from the quarantine.
AsyncOS rewrites all of the URLs inside a message except for the ones pointing
to bypassed domains.
to bypassed domains.
The following options are available for URL rewriting:
•
Enable only for unsigned messages. This option allows AsyncOS to rewrite
URLs in unsigned messages that meet or exceed the message modification
threshold, but not signed messages. Cisco recommends using this setting for
URL rewriting.
URLs in unsigned messages that meet or exceed the message modification
threshold, but not signed messages. Cisco recommends using this setting for
URL rewriting.
Note
The Email Security appliance may rewrite URLs in a
DomainKeys/DKIM-signed message and invalidate the message’s
signature if a server or appliance on your network other than the Email
Security appliance is responsible for verifying the DomainKeys/DKIM
signature.
DomainKeys/DKIM-signed message and invalidate the message’s
signature if a server or appliance on your network other than the Email
Security appliance is responsible for verifying the DomainKeys/DKIM
signature.