AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters
To enable and customize the Outbreak Filters feature for a particular mail policy, select Enable
Outbreak Filtering (Customize Settings).
You can configure the following Outbreak Filter settings for a mail policy:
- Quarantine threat level
- Maximum quarantine retention time
- Deliver non-viral threat messages immediately without adding them to quarantine
- File extension types for bypassing
- Message modification threshold
- Alter subject header using custom text and Outbreak Filter variables such as $threat_verdict, $threat_category, $threat_type, $threat_description, and $threat_level.
- Include the following email headers:
  - X-IronPort-Outbreak-Status
  - X-IronPort-Outbreak-Description
- Send the message to an alternate destination such as an Email Security Appliance or an exchange server.
- URL rewriting
- Threat disclaimer
Select Enable Outbreak Filtering (Inherit Default mail policy settings) to use the Outbreak Filters
settings that are defined for the default mail policy. If the default mail policy has the Outbreak Filters
feature enabled, all other mail policies use the same Outbreak Filter settings unless they are customized.
After you make your changes, commit them.
Related Topics
- Setting a Quarantine Level Threshold
- Maximum Quarantine Retention
- Bypassing File Extension Types
- Message Modification
Setting a Quarantine Level Threshold
Select a Quarantine Threat Level threshold for outbreak threats from the list. A smaller number
quarantines more messages, while a larger number quarantines fewer messages.
Cisco recommends the default value of 3.
For more information, see Guidelines for Setting Your Quarantine Threat Level Threshold, page 14-8.
Maximum Quarantine Retention
Specify the maximum amount of time in either hours or days that messages stay in the Outbreak
Quarantine. You can specify different retention times for messages that may contain viral attachments
and messages that may contain other threats, like phishing or malware links. For non-viral threats, select
the Deliver messages without adding them to quarantine check box to deliver the messages
immediately, bypassing the quarantine.