User Guide

14-2
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 14 Outbreak Filters
How Outbreak Filters Work
Related Topics
Delaying, Redirecting, and Modifying Messages, page 14-2
Threat Categories, page 14-2
Cisco Security Intelligence Operations, page 14-3
Context Adaptive Scanning Engine, page 14-4
Delaying Messages, page 14-4
Redirecting URLs, page 14-5
Modifying Messages, page 14-6
Types of Rules: Adaptive and Outbreak, page 14-6
Outbreaks, page 14-7
Threat Levels, page 14-7
Delaying, Redirecting, and Modifying Messages
The Outbreak Filters feature uses three tactics to protect your users from outbreaks:
Delay. Outbreak Filters quarantines messages that may be part of a virus outbreak or non-viral
attack. While a message is quarantined, the appliance receives updated outbreak information and
rescans the message to confirm whether it is part of an attack.
Redirect. Outbreak Filters rewrites the URLs in non-viral attack messages to redirect the recipient
through the Cisco web security proxy if they attempt to access any of the linked websites. If the
website is still operational, the proxy displays a splash screen that warns the user that the website
may contain malware; if the website has been taken offline, the proxy displays an error message.
See Redirecting URLs, page 14-5 for more information on redirecting URLs.
Modify. In addition to rewriting URLs in non-viral threat messages, Outbreak Filters can modify a
message’s subject and add a disclaimer above the message body to warn users about the message’s
content. See Modifying Messages, page 14-6 for more information.
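The Redirect and Modify tactics above, modelled on a plain-text message as an added example; this is not Cisco's implementation or code from the guide. The proxy address, subject tag and disclaimer wording are hypothetical placeholders, and only text/plain body parts are handled.

```python
import re
from email.message import EmailMessage
from urllib.parse import quote

# Hypothetical values: the guide does not give the proxy address or the wording.
PROXY = "https://proxy.example.invalid/?u="
SUBJECT_TAG = "[Possible Phishing] "
DISCLAIMER = "WARNING: this message may be part of a non-viral attack.\n\n"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def rewrite_urls(text):
    """Redirect: point each http(s) link at the proxy, original URL as a parameter."""
    def repl(match):
        url = match.group(0)
        if url.startswith(PROXY):          # already rewritten, leave untouched
            return url
        trail = ""
        while url[-1] in ".,;:!?)":        # sentence punctuation is not part of the link
            url, trail = url[:-1], url[-1] + trail
        return PROXY + quote(url, safe="") + trail
    return URL_RE.sub(repl, text)

def redirect_and_modify(msg):
    """Apply Redirect and Modify to the text/plain body parts of an EmailMessage."""
    first = True
    for part in msg.walk():
        if part.get_content_type() != "text/plain" or part.is_attachment():
            continue
        body = rewrite_urls(part.get_content())
        if first:                          # Modify: disclaimer above the message body
            body, first = DISCLAIMER + body, False
        part.set_content(body)
    subject = msg.get("Subject", "")
    del msg["Subject"]
    msg["Subject"] = SUBJECT_TAG + subject  # Modify: warn in the subject line
    return msg

def sample_message():
    """Constructed sample input, not taken from the guide."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Pay your invoice here:\nhttp://pay.example.invalid/?id=7\nThanks.")
    return msg

if __name__ == "__main__":
    print(redirect_and_modify(sample_message()))
```

Percent-encoding the whole original URL keeps its own query string from being parsed as parameters of the proxy URL.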
Threat Categories
The Outbreak Filters feature provides protection from two categories of message-based outbreaks: virus
outbreaks, which are messages with never-before-seen viruses in their attachments, and non-viral
threats, which include phishing attempts, scams, and malware distribution through links to an external
website.
By default, the Outbreak Filters feature scans your incoming and outgoing messages for possible viruses
during an outbreak. You can enable scanning for non-viral threats in addition to virus outbreaks if you
enable anti-spam scanning on the appliance.
Note: Your appliance needs a feature key for Anti-Spam or Intelligent Multi-Scan in order for Outbreak Filters
to scan for non-viral threats.