Руководство Пользователя для Cisco Cisco Email Security Appliance C170

Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use 
the Outbreak Filters settings that are defined for the default mail policy. If the 
default mail policy has the Outbreak Filters feature enabled, all other mail policies 
use the same Outbreak Filter settings unless they are customized.

Once you have made your changes, commit your changes.

Select a Quarantine Threat Level threshold for outbreak threats from the list. A 
smaller number means that you will be quarantining more messages, while a 
larger number results in fewer messages quarantined. Cisco recommends the 
default value of 3.

For more information, see 

Specify the maximum amount of time in either hours or days that messages stay 
in the Outbreak Quarantine. You can specify different retention times for 
messages that may contain viral attachments and messages that may contain other 
threats, like phishing or malware links. You cannot quarantine non-viral threats 
unless you enable Message Modification for the policy.

CASE recommends a quarantine retention period when assigning the threat level 
to the message. The Email Security appliance keeps the message quarantined for 
the length of time that CASE recommends unless it exceeds the maximum 
quarantine retention time for its threat type.

You can modify a policy to bypass specific file types. Bypassed file extensions are 
not included when CASE calculates the threat level for the message; however, the 
attachments are still processed by the rest of the email security pipeline.

To bypass a file extension, click Bypass Attachment Scanning, select or type in a 
file extension, and click Add Extension. AsyncOS displays the extension type in 
the File Extensions to Bypass list.