Руководство Пользователя для Cisco Cisco Email Security Appliance C170
10-333
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 10 Virus Outbreak Filters
minutes by default (see
Adaptive Rules are updated less frequently. On the IronPort appliance, you set a
threshold for quarantining (e.g. 3). If the VTL for a message equals or exceeds
your threshold, the message is sent to the Outbreak quarantine area.
threshold for quarantining (e.g. 3). If the VTL for a message equals or exceeds
your threshold, the message is sent to the Outbreak quarantine area.
Quarantines and Anti-Virus Scanning
Quarantining these messages provides a buffer during which updated anti-virus
definitions can be created and installed. This interval is crucial to limiting the
exposure to and spread of viruses within your company. Messages are passed
through anti-virus scanning again upon release from the Outbreak quarantine.
Messages are also passed through anti-spam scanning upon release from the
quarantine if the appliance uses an anti-spam filter. For more information, see
definitions can be created and installed. This interval is crucial to limiting the
exposure to and spread of viruses within your company. Messages are passed
through anti-virus scanning again upon release from the Outbreak quarantine.
Messages are also passed through anti-spam scanning upon release from the
quarantine if the appliance uses an anti-spam filter. For more information, see
The next step involves the handling the quarantined messages themselves. The
length of time the messages are scheduled to remain in the quarantine, as well as
what actions take place when the messages are released from the quarantine is
configured via the Quarantines page. For more information about working with
quarantines in general, see the “Quarantines” chapter in the Cisco IronPort
AsyncOS for Email Daily Management Guide. For more information about how
Virus Outbreak Filters and the Outbreak quarantine work together, see
length of time the messages are scheduled to remain in the quarantine, as well as
what actions take place when the messages are released from the quarantine is
configured via the Quarantines page. For more information about working with
quarantines in general, see the “Quarantines” chapter in the Cisco IronPort
AsyncOS for Email Daily Management Guide. For more information about how
Virus Outbreak Filters and the Outbreak quarantine work together, see
Note
It is possible to use the Virus Outbreak Filters feature without having enabled
anti-virus scanning on the IronPort appliance. The two security services are
designed to complement each other, but will also work separately. That said, if
you do not enable anti-virus scanning on your IronPort appliance, you will need
to need to monitor your anti-virus vendor’s updates and manually release or
re-evaluate some messages in the Outbreak quarantine. When using Virus
Outbreak Filters without anti-virus scanning enabled, keep the following in mind:
anti-virus scanning on the IronPort appliance. The two security services are
designed to complement each other, but will also work separately. That said, if
you do not enable anti-virus scanning on your IronPort appliance, you will need
to need to monitor your anti-virus vendor’s updates and manually release or
re-evaluate some messages in the Outbreak quarantine. When using Virus
Outbreak Filters without anti-virus scanning enabled, keep the following in mind:
•
You should disable Adaptive Rules
•
Messages will get quarantined by Outbreak Rules
•
Messages will get released if the threat level is lowered or time expires
•
Downstream anti-virus vendors (desktops/groupware) may catch the message
on release
on release