Delay. Outbreak Filters quarantines messages that may be part of a virus outbreak or non-viral
attack. While quarantined, the appliances receives updated outbreak information and rescans the
message to confirm whether it’s part of an attack.

•

Redirect. Outbreak Filters rewrites the URLs in non-viral attack messages to redirect the recipient
through the Cisco web security proxy if they attempt to access any of the linked websites. The proxy
displays a splash screen that warns the user that the website may contain malware, if the website is
still operational, or displays an error message if the website has been taken offline. See

Redirecting

URLs, page 15-5

for more information on redirecting URLs.

•

Modify. In addition to rewriting URLs in non-viral threat messages, Outbreak Filters can modify a
message’s subject and add a disclaimer above the message body to warn users about the message’s
content. See

Modifying Messages, page 15-6

for more information.

Threat Categories

The Outbreak Filters feature provides protection from two categories of message-based outbreaks: virus
outbreaks, which are messages with never-before-seen viruses in their attachments, and non-viral
threats, which includes phishing attempts, scams, and malware distribution through links to an external
website.

By default, the Outbreak Filters feature scans your incoming and outgoing messages for possible viruses
during an outbreak. You can enable scanning for non-viral threats in addition to virus outbreaks if you
enable anti-spam scanning on the appliance.

Note

Your appliance needs a feature key for Anti-Spam or Intelligent Multi-Scan in order for Outbreak Filters
to scan for non-viral threats.