About outbreak triggers
Article: HOWTO82460 | Created: 2012-11-30 | Updated: 2013-10-28 | Article URL: http://www.symantec.com/docs/HOWTO82460
The set of defining criteria for an outbreak is called an outbreak trigger. Each outbreak trigger monitors only one type of event and defines an outbreak as the frequency of the specified event within a given time period.
For example, one outbreak trigger could be defined as the occurrence of 50 or more unscannable files within one hour. Another outbreak trigger could be defined as 30 or more filtering rule violations within 15 minutes.
If you enable multiple outbreak triggers and a message is received that violates more than one, Mail Security goes into outbreak mode and stops looking for additional outbreaks. Only one outbreak rule is triggered.
Message bodies typically do not contain threats or security risks. To conserve processing resources, Mail Security installs with default settings that do not scan message bodies. (Message attachments are always scanned.) You can modify the settings to scan message bodies.
If Mail Security does not scan the message body (which includes the subject line), the Same subject outbreak cannot be triggered unless the message contains an attachment.
To activate the Same subject outbreak trigger for messages that do not contain attachments, you can do any of the following:
Enable message body scanning.
Enable at least one content filtering rule.
Content filtering rules require message body scanning, regardless of whether the message contains an attachment. The content filtering rule can be any of the default rules or a rule that you create.
Outbreak triggers apply to auto-protect scans only.
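The trigger behaviour described above, modelled as an added Python example (not Symantec code): each trigger counts one event type against a threshold in a time window, the first trigger to fire puts the monitor into outbreak mode, and the Same subject trigger only counts when the subject was actually examined. The sliding-window counting, the class and function names, the event-type strings and the tie-break by list order are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Trigger:
    name: str
    event_type: str   # each trigger monitors exactly one type of event
    threshold: int    # "N or more" occurrences ...
    window_s: int     # ... within this many seconds
    seen: deque = field(default_factory=deque)

    def observe(self, ts):
        """Record one event at time ts; True when the threshold is met."""
        self.seen.append(ts)
        while ts - self.seen[0] > self.window_s:   # assumed sliding window
            self.seen.popleft()
        return len(self.seen) >= self.threshold

def page_triggers():
    # The two example triggers from the text; event-type strings are made up.
    return [Trigger("Unscannable files", "unscannable", 50, 3600),
            Trigger("Filtering rule violations", "filter_violation", 30, 900)]

class OutbreakMonitor:
    def __init__(self, triggers, scan_bodies=False, content_rules=0):
        self.triggers = triggers
        # The subject is part of the body, so it is seen only when bodies are
        # scanned; enabling any content filtering rule forces body scanning.
        self.body_scanned = scan_bodies or content_rules > 0
        self.active = None   # name of the trigger that started outbreak mode

    def process(self, ts, events, has_attachment=False):
        """events: set of event types raised by one message at time ts."""
        if self.active:
            return self.active        # in outbreak mode: stop looking
        for trig in self.triggers:    # list order decides ties (assumption)
            if trig.event_type not in events:
                continue
            if (trig.event_type == "same_subject"
                    and not (self.body_scanned or has_attachment)):
                continue              # subject was never examined
            if trig.observe(ts):
                self.active = trig.name
                return self.active    # only one outbreak rule is triggered
        return None
```

Timestamps are seconds and must be passed in non-decreasing order.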