Cisco Email Security Appliance C390 User Guide
Chapter 4 Quarantines
Working with Messages in System Quarantines
Cisco IronPort AsyncOS 7.3 for Email Daily Management Guide
OL-23080-01
System Quarantines and Virus Scanning
Once a message has been released for delivery from all queues in which it has
been quarantined, it will be rescanned for viruses (assuming anti-virus is enabled
on that mail policy) before it can be delivered.
When a message is released from quarantine it is scanned for viruses by the
anti-virus engine (if anti-virus is enabled). If the verdict produced (CLEAN,
VIRAL, UNSCANNABLE, etc.) matches the verdict produced the previous time
the message was processed, the message is not re-quarantined. Conversely, if the
verdicts are different, the message could be sent to the Virus quarantine.
The rationale is to prevent messages from looping back to the quarantine
indefinitely. For example, suppose a message is encrypted and therefore sent to
the Virus quarantine. If an administrator releases the message, the anti-virus
engine still will not be able to decrypt it; however, the message should not be
re-quarantined or a loop will be created and the message will never be released
from the quarantine. Since the two verdicts are the same, the system bypasses the
Virus quarantine the second time.
System Quarantines and Alerts
An alert is sent whenever a quarantine reaches or passes 75% and 95% of its
capacity. The check is performed when a message is placed in the quarantine. So,
if adding a message to the Policy quarantine increases the size to or past 75% of
the capacity specified, an alert is sent:
Warning: Quarantine "Policy" is 75% full
For more information about Alerts, see the “System Administration” chapter in
the Cisco IronPort AsyncOS for Email Configuration Guide.
System Quarantines and Logging
AsyncOS individually logs all messages that are quarantined:
Info: MID 482 quarantined to "Policy" (message filter:policy_violation)
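The following Python parser is an added example, not part of the Cisco guide: it tallies quarantine events and capacity alerts from log text, using only the two message formats shown in this chapter. The sample lines, the timestamp prefix, the second filter name and the 95% alert line are constructed assumptions.

```python
import re
from collections import Counter

# Patterns mirror the two message formats shown in this chapter. search() is
# used so that any prefix before "Info:" / "Warning:" is ignored.
QUARANTINED = re.compile(
    r'Info: MID (?P<mid>\d+) quarantined to "(?P<quarantine>[^"]+)" '
    r'\((?P<source>[^:()]+):(?P<rule>[^()]+)\)'
)
CAPACITY = re.compile(
    r'Warning: Quarantine "(?P<quarantine>[^"]+)" is (?P<pct>\d+)% full'
)

# Constructed sample input. Only the MID 482 line and the 75% alert appear in
# the guide; the other lines reuse those formats with made-up values.
SAMPLE = [
    'Info: MID 482 quarantined to "Policy" (message filter:policy_violation)',
    'Warning: Quarantine "Policy" is 75% full',
    # constructed timestamp prefix, to show that leading text is tolerated
    'Tue Jan 01 00:00:00 2030 Info: MID 483 quarantined to "Policy" '
    '(message filter:constructed_rule)',
    'Info: MID 484 quarantined to "Policy" (message filter:policy_violation)',
    'Warning: Quarantine "Policy" is 95% full',
    'Info: MID 485 unrelated line that must not match',
]

def summarize(lines):
    """Return (events, count per quarantine, highest alert level per quarantine)."""
    events, counts, fullest = [], Counter(), {}
    for line in lines:
        m = QUARANTINED.search(line)
        if m:
            events.append((int(m["mid"]), m["quarantine"],
                           m["source"].strip(), m["rule"].strip()))
            counts[m["quarantine"]] += 1
            continue
        m = CAPACITY.search(line)
        if m:
            name, pct = m["quarantine"], int(m["pct"])
            fullest[name] = max(pct, fullest.get(name, 0))
    return events, counts, fullest

if __name__ == "__main__":
    events, counts, fullest = summarize(SAMPLE)
    for mid, quarantine, source, rule in events:
        print(f"MID {mid} -> {quarantine} ({source}: {rule})")
    print(dict(counts), fullest)
```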