Viral Outbreak Mac OS
Introduction
In Q1 2020, Apple and Google were neck-and-neck: Windows grabbed 87.5% market share, macOS took 5.8%, and Chrome OS captured 5.3%. But in Q2 2020, Windows fell to 81.7%, macOS grew to 7.6%,. February 16: discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/Leap-A or OSX/Oompa-A, is announced. Late March: Brontok variant N was found in late March. Brontok was a mass-email worm and the origin for the worm was from Indonesia. June: Starbucks is a virus that infects StarOffice and OpenOffice. Disease outbreaks Statement on the meeting of the IHR Emergency Committee for Ebola virus disease in the Democratic Republic of the Congo 12 February 2020 - It was the unanimous view of the Emergency Committee that Ebola virus disease outbreak in Democratic Republic of the Congo still constitutes a public health emergency of international.
This document describes how an end-user may submit email messages pertaining to Spam, Ham, or Marketing to Cisco for support, troubleshooting, or additional examination.
Types of email messages that can be submitted to Cisco
Generally speaking, spam, ham, and marketing email messages are defined as:
- Spam: Irrelevant or inappropriate email message(s) to a recipient.
- Ham: An email message that is not Spam. Or, 'non-spam', 'good mail'.
- Marketing: Directly marketing a commercial email message.
Cisco will accept submissions for any email that is classified incorrectly. This consists of the following:
- false-negative (missed Spam)
- false-positive (or 'Ham')
- false-negative marketing messages
- false-positive marketing messages
- phish-suspected messages
- virus-suspected, virus-positive messages
Why submit email messages to Cisco?
Submitting missed spam or incorrectly marked spam email messages will assist Cisco to confirm the content of email messages. This also assists in IronPort Anti-Spam (IPAS) efficacy and scoring.
Email Status Portal hosted on Talosintelligence.com
The Email Submission and Tracking Portal (ESTP) has been replaced with the Email Status Portal, hosted on Talosintelligence.com, starting September 1, 2020. The ESTP will no longer be available, and users will be automatically redirected to the new portal. User data will be transferred, with improved user interface and metrics. Visit https://talosintelligence.com/tickets/email_submissions for more information.
How to submit email messages to Cisco
Supported methods for submitting email messages to Cisco are:
- Cisco Email Security Plug-In
- Direct email submission from the end-user
Cisco Email Security Plug-in
The Cisco Email Security Plug-in is available ONLY for Microsoft Outlook on Windows. To check if you have installed a version of the Cisco Email Security Plug-in, with Microsoft Outlook open, click File > Options > Add-Ins. If you see the Cisco IronPort Email Security Plug-In or similar, then you have the Cisco Email Security Plug-in installed. If you do not, then please download the Plug-In from the URL provided above.
Note: You may download the Cisco Email Security Plug-In from the Cisco Email Security Appliance Download Software page. This requires an active Cisco Connection Online (CCO) ID that is associated with an active contract.
Example of the Cisco Email Security Plug-In installed, as seen from the Microsoft Outlook ribbon:
Note: Older versions of the Plug-in are named 'IronPort Email Security Plug-in' or 'Encryption Plug-in for Outlook'. This would be seen in versions 7.6 and older for the Plug-in. This version of the Plug-in contained both Reporting and Encryption together. Starting in 2017, Cisco separated the services and released two new versions of the Plug-in, 'Email Reporting Plugin for Outlook' and the 'Email Encryption Plugin for Outlook'. These were available with a 1.0.0.x version.
Direct Email Submission
Please follow the instructions for your email client below in order to attach the email as an RFC 822 Multipurpose Internet Mail Extension (MIME)-encoded attachment. If your email client is not provided as an example below, please refer directly to the email client user guide or support help, and confirm that it will support 'Forwarding as Attachment.'
Submissions should be sent to the email address that is appropriate:
spam@access.ironport.com | The subject line may be prepended as [SUSPECTED SPAM]. The end-user considers the email message spam. |
ham@access.ironport.com | The subject line may be prepended as [SUSPECTED SPAM] or the subject line may also contain additional tagging. The end-user DOES NOT consider the email message as spam. |
ads@access.ironport.com | The subject line may be prepended as [MARKETING], [SOCIAL NETWORK], or [BULK]. The end-user may consider the email message to be, or contain marketing content or graymail. |
not_ads@access.ironport.com | The subject line may be prepended as [MARKETING], [SOCIAL NETWORK], or [BULK]. The end-user DOES NOT consider the email message to be marketing or graymail. |
phish@access.ironport.com | The subject line may be prepended as [SUSPECTED SPAM] or [Possible $threat_category Fraud], or similar. The email message appears to be phishing (designed to acquire user name(s), passwords, credit card info, or other personally identifiable information), or the email message contains malware attachments (likewise, designed to acquire user name(s), passwords, etc.) |
virus@access.ironport.com | The subject line may be prepended as [WARNING: VIRUS DETECTED]. The end-user considers the email message and/or attachment as viral. |
Not all subject lines will be prepended. Please consult your ESA configuration for Anti-spam, Anti-virus, Graymail, and Outbreak Filters for your settings.
Example of tagged subject lines:
Warning: Simply forwarding an email message does not retain the order of the mail routing headers, and also removes important mail routing headers which are required to attribute the origination of the email. Please always assure that you are sending the email in question via the 'forwarding as attachment' option.
Email submissions can be made through any of the following clients:
- Microsoft Outlook 2010, 2013, or 2016 for Windows
- Microsoft Outlook Web App, Microsoft Office 365
- Microsoft Outlook 2011 and Microsoft Outlook 2016 for Mac (OS X, macOS)
- Mail (OS X, macOS)
- Mozilla Thunderbird
- Mobile Platforms (iPhone, Android, etc)
Microsoft Outlook 2010, 2013, or 2016 for Windows
- The preferred submission method from Microsoft Outlook on Windows is to use the Cisco Email Security Plug-In.
Submit messages to Cisco for unsolicited and unwanted email, such as spam, viruses, and phishing messages.
Legitimate email messages that have been marked as spam can be quickly reclassified using the Not Spam button.
Note: If you prefer not to install the Cisco Email Security Plug-In, you can use the Microsoft Outlook Web App, Microsoft Office 365 instructions below (if your company provides use of Microsoft Office Online).
Microsoft Outlook Web App, Microsoft Office 365
- Open your mailbox in Microsoft Outlook Web App.
- Select the message that you want to submit.
- Click 'New mail' at the top left.
- Drag the message you are submitting over, and drop as an attachment to the new message.
- Send the email message to the respective address as described above.
Microsoft Outlook 2011 and Microsoft Outlook 2016 for Mac (OS X, macOS)
- Select the message in the message pane.
- Click the Attachment button.
- Forward the message on to the respective address listed in the Outlook Web App instructions below.
Mail (OS X, macOS)
- Right-click on the email message itself and choose Forward as Attachment.
- Forward the email message to the respective address as described above.
Mozilla Thunderbird
- Right-click on the email message itself and choose Forward As > Attachment.
- Forward the email message to the respective address as described above.
Note: MailSentry IronPort Spam Reporter is a third-party plug-in that is available for Mozilla Thunderbird that takes the same action as described above, but does so by providing a 'Spam/Ham' button. *This is not a supported plug-in from Cisco.
Mobile Platforms (iPhone, Android, etc)
- If your mobile platform does not have a method to forward the original email as an attachment, you will need to wait until you have access to one of the other methods above, prior to submitting it.
How to verify submissions to Cisco
Direct Email Submission
Cisco does not provide a confirmation email or notice of receipt for email submissions. Please view submissions via the Email Status Portal hosted on Talosintelligence.com.
Viral Outbreak Mac Os Catalina
Email Status Portal hosted on Talosintelligence.com
Once a submission is successfully completed on the Email Status Portal, you will see the listing of all submissions from the given date/time range.
Viral Outbreak Mac Os X
Example:
Viral Outbreak Mac Os Download
For more information on the Email Status Portal: https://talosintelligence.com/tickets/email_submissions/help