Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

You cannot quarantine non-viral threats unless you enable Message Modification for the policy.

CASE recommends a quarantine retention period when assigning the threat level to the message. The 
Email Security appliance keeps the message quarantined for the length of time that CASE recommends 
unless it exceeds the maximum quarantine retention time for its threat type.

You can modify a policy to bypass specific file types. Bypassed file extensions are not included when 
CASE calculates the threat level for the message; however, the attachments are still processed by the rest 
of the email security pipeline.

To bypass a file extension, click Bypass Attachment Scanning, select or type in a file extension, and click 
Add Extension. AsyncOS displays the extension type in the File Extensions to Bypass list.

To remove an extension from the list of bypassed extensions, click the trash can icon next to the 
extension in the File Extensions to Bypass list.

When bypassing file extensions, files within container files (a .doc file within a .zip, for example) are 
bypassed if the extension is in the list of extensions to bypass. For example, if you add .doc to the list of 
extensions to bypass, all .doc files, even those within container files are bypassed.

Enable Message Modification if you want the appliance to scan messages for non-viral threats, such as 
phishing attempts or links to malware websites. 

Based on the message’s threat level, AsyncOS can modify the message to rewrite all of the URLs to 
redirect the recipient through the Cisco web security proxy if they attempt to open the website from the 
message. The appliance can also add a disclaimer to the message to alert the user that the message’s 
content is suspicious or malicious. 

You need to enable message modification in order to quarantine non-viral threat messages.