Cisco Cisco Email Security Appliance C390 사용자 가이드
4-113
Cisco IronPort AsyncOS 7.3 for Email Daily Management Guide
OL-23080-01
Chapter 4 Quarantines
Working with Messages in System Quarantines
The message filter or Virus Outbreak Filters feature rule that caused the message
to be quarantined is placed in the parenthesis. A separate log entry is generated
for each quarantine in which the message is placed.
to be quarantined is placed in the parenthesis. A separate log entry is generated
for each quarantine in which the message is placed.
AsyncOS also individually logs messages that are removed from quarantine:
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
The system individually logs messages after they are removed from all
quarantines and either permanently deleted or scheduled for delivery, e.g.
quarantines and either permanently deleted or scheduled for delivery, e.g.
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
When a message is re-injected, the system creates a new Message object with a
new MID. This is logged using an existing log message with a new MID “byline”,
e.g.
new MID. This is logged using an existing log message with a new MID “byline”,
e.g.
Info: MID 483 rewritten to 513 by System Quarantine
The Virus Outbreak Filters Feature and the Outbreak Quarantine
The Outbreak quarantine is present when a valid Virus Outbreak Filters feature
license key has been entered. The Virus Outbreak Filters feature sends messages
to the Outbreak quarantine, depending on the threshold set. For more information,
see the “Virus Outbreak Filters” chapter in the Cisco IronPort AsyncOS for Email
Configuration Guide.
license key has been entered. The Virus Outbreak Filters feature sends messages
to the Outbreak quarantine, depending on the threshold set. For more information,
see the “Virus Outbreak Filters” chapter in the Cisco IronPort AsyncOS for Email
Configuration Guide.
If the license for the Virus Outbreak Filters feature expires, you will be unable to
add more messages to the Outbreak quarantine. Once the messages currently in
the quarantine have expired and the Outbreak quarantine becomes empty, it is no
longer shown in the Quarantines listing in the GUI.
add more messages to the Outbreak quarantine. Once the messages currently in
the quarantine have expired and the Outbreak quarantine becomes empty, it is no
longer shown in the Quarantines listing in the GUI.
The Outbreak quarantine functions just like other quarantines — you can search
for messages, release or delete messages, etc. Messages placed in the Outbreak
quarantine are automatically released if newly published rules deem the
quarantined message no longer a threat.
for messages, release or delete messages, etc. Messages placed in the Outbreak
quarantine are automatically released if newly published rules deem the
quarantined message no longer a threat.
The Outbreak quarantine has some additional features, not available in other
quarantines: the Manage by Rule Summary link, the Send to IronPort feature
when viewing message details, and the option to sort messages in sort results by
Scheduled Exit time.
quarantines: the Manage by Rule Summary link, the Send to IronPort feature
when viewing message details, and the option to sort messages in sort results by
Scheduled Exit time.