Solved: Hi,

sdonovan123 · ‎04-24-2017

Hello,

I had a Cisco Healhcheck performed on my ESA's and this was one of the mention improvements needed:

Enable URL Rewriting for Message Modification in Incoming Mail Policy -> Outbreak Filtering. Once enabled, a user receiving an email will have a prepended subject line and message body with a warning message along with rewritten URLs. If the user clicks on the rewritten URL and opens it in a browser, they will connect to a public web proxy. If the webpage contains malicious content, they will simply receive a block page. If the page contains a suspicious file, the user will be presented with a warning screen asking them if they wish to download the file. Also, if the page appears to have no malware but still appears suspicious, the user can open the website through the proxy for protection or can go to the website directly.

My question: Is the part about "user receiving an email will have a prepended subject line and message body with a warning message along with rewritten URLs" something I can control? I would like the URL to be rewritten but not have the subject line prepended or message body have a warning until they click on it.

Thanks!

Libin Varghese · ‎04-24-2017

Hi,

The available configuration options are present under Mail Policies -> Incoming Mail Policies -> Outbreak Filters -> Enable message modification.

The Outbreak Filters feature modifies the message body of a non-viral threat message not only to rewrite the URLs but to alert the user that the message is a suspected threat. The Outbreak Filters feature can modify the subject header and add a disclaimer about the message’s content above the message body.

You can read through how outbreak filter message modification works in the below user guide

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf

Page 15-6

Thank You!

Libin Varghese

View solution in original post

Libin Varghese · ‎04-24-2017

Hi,