Cisco Email Security Appliance C170 User Guide

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
 
Chapter 14      Outbreak Filters
  Managing Outbreak Filters
Message Modification Threat Level
Select a Message Modification Threat Level threshold from the list. This setting determines whether to 
modify a message based on the threat level returned by CASE. A smaller number means that you will be 
modifying more messages, while a larger number results in fewer messages being modified. Cisco 
recommends the default value of 3.
Message Subject
You can alter the text of the subject header on non-viral threat messages containing modified links to
notify users that the message has been modified for their protection. Prepend or append the subject
header with custom text, Outbreak Filter variables such as $threat_verdict, $threat_category,
$threat_type, $threat_description, and $threat_level, or a combination of both. To insert
variables, click Insert Variables, and select from the list of variables.
White space is not ignored in the Message Subject field. Add spaces after (if prepending) or before (if
appending) the text you enter in this field to separate your added text from the original subject of the
message. For example, add the text [MODIFIED FOR PROTECTION] with a few trailing spaces if you are
prepending.
Note
The Message Subject field only accepts US-ASCII characters.
Outbreak Filters Email Headers
You can add the following additional headers to the message:

Header: X-IronPort-Outbreak-Status
Format: X-IronPort-Outbreak-Status: $threat_verdict, level $threat_level, $threat_category - $threat_type
Example: X-IronPort-Outbreak-Status: Yes, level 4, Phish - Password
Options: Enable for all messages; Enable only for non-viral outbreak; Disable

Header: X-IronPort-Outbreak-Description
Format: X-IronPort-Outbreak-Description: $threat_description
Example: X-IronPort-Outbreak-Description: It may trick victims into submitting their username and password on a fake website.
Options: Enable; Disable

Note
If you want to filter messages based on these headers, you must send the Outbreak Filter processed
messages back to an Email Security Appliance (by configuring an alternate destination mail host), and
scan them using a content filter that matches these headers.
Alternate Destination Mail Host
If you want to perform a content filter-based scan on the Outbreak Filter processed messages, you must
configure the Outbreak Filter to send the processed messages back to an Email Security Appliance. This
is because, in the processing pipeline, the Outbreak Filter scan is performed after the content filter scan.
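The following is an added example, not part of the Cisco guide: a Python sketch of how a downstream triage script could parse the X-IronPort-Outbreak-Status and X-IronPort-Outbreak-Description headers documented in this section, including values folded across lines. The function names, the sample message, and the use of 3 as a review threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from typing import NamedTuple, Optional

# Layout taken from the Format column documented in this section:
#   $threat_verdict, level $threat_level, $threat_category - $threat_type
STATUS_RE = re.compile(
    r"^(?P<verdict>[^,]+),\s*level\s+(?P<level>\d+),\s*"
    r"(?P<category>.+?)\s+-\s+(?P<type>.+)$"
)

class OutbreakStatus(NamedTuple):
    verdict: str
    level: int
    category: str
    threat_type: str
    description: Optional[str]

def parse_outbreak_headers(raw_message: str) -> Optional[OutbreakStatus]:
    """Return the parsed Outbreak Filters headers, or None if absent or malformed."""
    msg = message_from_string(raw_message, policy=default)  # policy unfolds wrapped headers
    status = msg.get("X-IronPort-Outbreak-Status")
    if status is None:
        return None
    m = STATUS_RE.match(" ".join(str(status).split()))
    if m is None:
        return None  # unexpected layout: report no verdict rather than guess
    desc = msg.get("X-IronPort-Outbreak-Description")
    return OutbreakStatus(
        m["verdict"].strip(), int(m["level"]), m["category"].strip(),
        m["type"].strip(), " ".join(str(desc).split()) if desc is not None else None,
    )

def needs_review(raw_message: str, min_level: int = 3) -> bool:
    """True when the verdict is Yes and the level meets min_level (3 is an assumed default)."""
    st = parse_outbreak_headers(raw_message)
    return st is not None and st.verdict.lower() == "yes" and st.level >= min_level

# Constructed sample message; header values copied from the Example column of this section.
SAMPLE = (
    "From: sender@example.com\r\n"
    "Subject: [MODIFIED FOR PROTECTION] Account notice\r\n"
    "X-IronPort-Outbreak-Status: Yes, level 4, Phish\r\n"
    " - Password\r\n"
    "X-IronPort-Outbreak-Description: It may trick victims into submitting\r\n"
    " their username and password on a fake website.\r\n"
    "\r\n"
)
```

Messages without the status header, or with a value that does not match the documented layout, yield no verdict, so the script never acts on a guessed threat level.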