Mail Security provides the following outbreak triggers:
Same attachment name
Same subject
Same virus
Unrepairable viruses
Unscannable files
Filtering violations
Total viruses
You can enable or disable the triggers. You can also modify the number of occurrences for a violation and the span of time in which the events must occur to constitute an outbreak. You can specify whether to notify an administrator when an outbreak occurs.
See Configuring outbreak notifications
When you enable outbreak management, you can also configure Mail Security to automatically add the names of outbreak triggered attachments to the Outbreak Triggered Attachment Names match list and outbreak triggered subject text to the Outbreak Triggered Subject Lines match list. Mail Security uses these match lists for the preconfigured content filtering rules that automatically block suspicious file attachments or subjects. You can also use these match lists to create your own content filtering rules.
To configure outbreak triggers
In the console on the primary navigation bar, click Policies.
In the sidebar under General, click Outbreak.
In the content area, in the table, select the trigger that you want to modify.
The trigger that you select is highlighted in blue.
In the Status column, use the drop-down menu to select Enabled or Disabled.
In the Occurrences column, type the number of instances that must occur to constitute an outbreak.
The default value is 100.
In the Time column, type the span of time in which the instances must occur to constitute an outbreak.
The default value is 20.
In the Units column, click the drop-down menu, and select one of the following:
In the Notify Administrator column, check the box if you want to notify an administrator of the outbreak.
In the Update Match List column, check the box if you want to automatically add the attachment name or subject to the Outbreak Triggered Names match list or Outbreak Triggered Subjects match list. The trigger must be activated.
In the Rule column, click View Rule to view or modify the associated content filtering rule.
This option is available only for the Same attachment name and Same subject triggers.
Note that Mail Security disables content filtering on the server if you uncheck Enable content filtering in the Content Enforcement Rule window.
On the toolbar, click Deploy changes to apply your changes.