ESA – Outbreak Filter – different Threat Disclaimers for type “Phish” and “Virus”?

xgadmagar
Level 1

Currently I am using Outbreak Filter (ESA 8.5.7) with the general configuration for adding a Threat Disclaimer.

Is it possible to have a different configuration for phishing mail?

The special threat disclaimer for phishing mails should only be added with threat level 4 or 5.

In addition, I would like to use a different disclaimer text for phishing and virus mails.

In the UI I did not find any way to configure that. In addition I did not find any hints in the AsyncOS E-Mail User Guide.

Is there a way to write custom rules for that?

Current configuration (Mail Policies: Outbreak Filters):

Message Modification Threat Level: 3

Message Subject: none

Include the X-IronPort-Outbreak-Status headers: Enable for all messages

Include the X-IronPort-Outbreak-Description header: Enable

URL Rewriting: Disable

Threat Disclaimer: [custom_disclaimer; Mail Policies > Text Resources > Disclaimers]


Mathew Huynh
Cisco Employee

Hello,

The message modification to add the disclaimer will take action based on the URLs within the email:

---

Enable message modification. Required for non-viral threat detection (excluding attachments)

---

So viral threats will be taken as a quarantined action, while message modification handles other threats that are not related to the attachment file.

Regards,

Matthew