Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.0.1 for Email User Guide
 
Chapter 14 Outbreak Filters
Managing Outbreak Filters (GUI)
For more information, see 
.
Maximum Quarantine Retention
Specify the maximum amount of time in either hours or days that messages stay in the Outbreak 
Quarantine. You can specify different retention times for messages that may contain viral attachments 
and messages that may contain other threats, like phishing or malware links. You cannot quarantine 
non-viral threats unless you enable Message Modification for the policy.
CASE recommends a quarantine retention period when assigning the threat level to the message. The 
Email Security appliance keeps the message quarantined for the length of time that CASE recommends 
unless it exceeds the maximum quarantine retention time for its threat type.
Bypassing File Extension Types
You can modify a policy to bypass specific file types. Bypassed file extensions are not included when 
CASE calculates the threat level for the message; however, the attachments are still processed by the rest 
of the email security pipeline.
To bypass a file extension, click Bypass Attachment Scanning, select or type in a file extension, and click 
Add Extension. AsyncOS displays the extension type in the File Extensions to Bypass list.
To remove an extension from the list of bypassed extensions, click the trash can icon next to the 
extension in the File Extensions to Bypass list.
Bypassing File Extensions: Container File Types
When bypassing file extensions, files within container files (a .doc file within a .zip, for example) are 
bypassed if the extension is in the list of extensions to bypass. For example, if you add .doc to the list of 
extensions to bypass, all .doc files, even those within container files, are bypassed.
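The following added example (not part of the Cisco guide and not AsyncOS code) lets an administrator check which files inside a .zip attachment a given bypass list would exclude from the threat-level calculation. Case-insensitive matching, descending only into nested .zip files, the depth and size limits, and the "!/" path separator are assumptions of this sketch.

```python
import io
import zipfile
from pathlib import PurePosixPath

MAX_INNER_BYTES = 10 * 1024 * 1024  # assumption: do not unpack larger nested archives


def members_by_bypass(data, bypass_exts, prefix="", depth=0, max_depth=3):
    """Split zip members into (excluded, considered) for a bypass-extension list."""
    exts = {e.lower().lstrip(".") for e in bypass_exts}
    excluded, considered = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = PurePosixPath(info.filename).suffix.lower().lstrip(".")
            if ext in exts:
                excluded.append(path)  # would not count toward the threat level
                continue
            considered.append(path)
            # Descend into nested zip containers, within the depth and size limits.
            if ext == "zip" and depth < max_depth and info.file_size <= MAX_INNER_BYTES:
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    e, c = members_by_bypass(inner, exts, path + "!/", depth + 1, max_depth)
                    excluded += e
                    considered += c
    return excluded, considered


def _make_zip(files):
    """Build an in-memory zip from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample():
    """Constructed sample: a zip holding a .doc, a .txt and a nested zip."""
    inner = _make_zip({"notes.DOC": b"x", "tool.exe": b"x"})
    return _make_zip({"report.doc": b"x", "readme.txt": b"x", "archive/inner.zip": inner})


if __name__ == "__main__":
    excluded, considered = members_by_bypass(build_sample(), [".doc"])
    print("excluded from threat-level calculation:", excluded)
    print("still considered:", considered)
```

Running it against real attachments before adding an extension to the File Extensions to Bypass list shows how many nested files the change would exempt.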
Message Modification
Enable Message Modification if you want the appliance to scan messages for non-viral threats, such as 
phishing attempts or links to malware websites. 
Based on the message’s threat level, AsyncOS can modify the message to rewrite all of the URLs to 
redirect the recipient through the Cisco web security proxy if they attempt to open the website from the 
message. The appliance can also add a disclaimer to the message to alert the user that the message’s 
content is suspicious or malicious. 
You need to enable message modification in order to quarantine non-viral threat messages.
Message Modification Threat Level
Select a Message Modification Threat Level threshold from the list. This setting determines whether to 
modify a message based on the threat level returned by CASE. A smaller number means that you will be 
modifying more messages, while a larger number results in fewer messages being modified. Cisco 
recommends the default value of 3.