02-24-2020 06:14 AM
Hello ESA gods,
I have a couple of questions regarding Outbreak Filters that I can't wrap my head around, maybe you can help:
1. When emails leave the outbreak quarantine, I know they will be sent through the AV engine again. Will they also be sent through content filters again? Or would I have to use "send to alternate host" to send them back to ESA if I want to run them through content filters again?
2. When I enable message modification, will this only apply to mails that are released from quarantine when the timer runs out? Or will messages also be modified when Cisco gives a "clean" verdict after a while?
3. Does message modification apply to "other threats" only or does it apply to viral attachments as well (e.g. if I add a disclaimer, will the disclaimer be added to both types of threats)?
Also, I am a bit surprised that I don't have all the options available that are available in URL filters, like link defang or link rewrite. This would be a welcome addition to the Outbreak feature set.
02-24-2020 08:01 AM
See Chapter 4 of the ESA Administration Guide, Understanding the Email Pipeline. That should help clarify. Also, the guide states, "Messages released from the Outbreak quarantine are re-scanned by the anti-spam, AMP, and anti-virus engines." See About Rescanning of Quarantined Messages in the ESA Administration Guide.
02-24-2020 08:45 AM
I have read that already, but it doesn't answer the questions I have.
02-25-2020 10:54 AM