Cisco Cisco Email Security Appliance C190 Betriebsanweisung

Quarantined messages and their attachments are rescanned for threats upon release from quarantine. If 
the message is released after file analysis results are available to the reputation scanner, any identified 
threats will be caught during rescanning. 

Create a policy quarantine to hold messages with attachments that have been sent for analysis. 

Set the quarantine to release messages after about 2 hours. For this release, there is no automatic action 
based on file analysis results. 

Identify messages processed by the Advanced Malware Protection filters with an X-Header: 

Select Mail Policies > Incoming Mail Policies. 

click the link in the Advanced Malware Protection column of a policy. 

Select the option to Include an X-header with the AMP results in messages. 

Submit your changes.

Create a content filter to quarantine messages based on the X-Header value. 

A. Create the condition: 

Select Mail Policies > Incoming Content Filters. 

Click Add Filter. 

Click Add Condition. 

Click Other Header. 

For Header Name, enter 

X-Amp-File-Uploaded

. 

For Header Value, select Contains and enter 

true

. 

Click OK. 

B. Create the action: 

Click Add Action.

Select Quarantine. 

Select the quarantine you created above. 

Click OK. 

Submit your changes. 

Add the content filter to the same incoming mail policy you configured above. 

Submit and commit your changes. 

You can use X-Headers to mark messages with actions and results of message processing steps. You tag 
messages with X-Headers in mail policies, then use content filters to choose handling options and final 
actions for these messages. 

For a configuration example, see