Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
13-4
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 13 SenderBase Network Participation
(a) Filenames will be encoded in a 1-way hash (MD5).
(b) Filenames will be sent in an obfuscated form, with all lowercase ASCII letters ([a-z]) replaced with “a,” all uppercase ASCII
letters ([A-Z]) replaced with “A,” any multi-byte UTF-8 characters replaced with “x” (to provide privacy for other character
sets), all ASCII digits ([0-9]) replaced with “0,” and all other single byte characters (whitespace, punctuation, etc.)
maintained. For example, the file Britney1.txt.pif would appear as Aaaaaaa0.aaa.pif.
sets), all ASCII digits ([0-9]) replaced with “0,” and all other single byte characters (whitespace, punctuation, etc.)
maintained. For example, the file Britney1.txt.pif would appear as Aaaaaaa0.aaa.pif.
(c) URL hostnames point to a web server providing content, much as an IP address does. No confidential information, such as
usernames and passwords, are included.
(d) URL information following the hostname is obfuscated to ensure that any personal information of the user is not revealed.
What does Cisco do to make sure that the data I share is secure?
If you agree to participate in the SenderBase Network:
Data sent from your Cisco IronPort appliances will be sent to the Cisco IronPort SenderBase Network
servers using the secure protocol HTTPS.
servers using the secure protocol HTTPS.
All customer data will be handled with care at Cisco. This data will be stored in a secure location and
access to the data will be limited to employees and contractors at Cisco who require access in order to
improve the company's email security products and services or provide customer support.
access to the data will be limited to employees and contractors at Cisco who require access in order to
improve the company's email security products and services or provide customer support.
No information identifying email recipients or the customer's company will be shared outside of Cisco
Systems when reports or statistics are generated based on the data.
Systems when reports or statistics are generated based on the data.
Obfuscated Filename(s): (b)
A file aaaaaaa0.aaa.pif was found inside a file
aaaaaaa.zip.
aaaaaaa.zip.
URL Hostname
(c)
There was a link found inside a message to
www.domain.com
www.domain.com
Obfuscated URL Path
(d)
There was a link found inside a message to hostname
www.domain.com, and had path aaa000aa/aa00aaa.
www.domain.com, and had path aaa000aa/aa00aaa.
Number of Messages by Spam and Virus Scanning
Results
Results
10 Spam Positive
10 Spam Negative
5 Spam Suspect
4 Virus Positive
16 Virus Negative
5 Virus Unscannable
Number of messages by different Anti-Spam and
Anti-Virus verdicts
Anti-Virus verdicts
500 spam, 300 ham
Count of Messages in Size Ranges
125 in 30K-35K range
Count of different extension types
300 “.exe” attachments
Correlation of attachment types, true file type, and
container type
container type
100 attachments that have a “.doc” extension but are
actually “.exe”
actually “.exe”
50 attachments are “.exe” extensions within a zip
Correlation of extension and true file type with
attachment size
attachment size
30 attachments were “.exe” within the 50-55K range
Table 13-2
Statistics Shared Per IP Address
Item
Sample Data (Continued)