Cisco Email Security Appliance C160 Operating Instructions
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
time exceeds the maximum retention time for the threat type, the Email Security
appliance releases messages when the maximum retention time elapses. For viral
messages the default maximum quarantine period is 1 day. The default period for
quarantining non-viral threats is 4 hours. You can manually release messages
from the quarantine.
The Email Security appliance also releases messages when the quarantine is full
and more messages are inserted (this is referred to as overflow). Overflow only
occurs when the Outbreak quarantine is at 100% capacity, and a new message is
added to the quarantine. At this point, messages are released in the following
order of priority:
• Messages quarantined by Adaptive Rules (those scheduled to be released soonest are first)
• Messages quarantined by Outbreak Rules (those scheduled to be released soonest are first)
Overflow stops the moment the Outbreak quarantine is below 100% capacity. For
more information about how quarantine overflow is handled, see the
“Quarantines” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
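The following Python sketch is an added example, not code from Cisco or from this guide. It models the retention cap and the overflow release order described above; measuring capacity in bytes, treating overflow as usage at or above capacity after an insert, and all class, method and message names are assumptions.

```python
from datetime import datetime, timedelta

# Default maximum retention periods stated in the guide.
MAX_RETENTION = {"viral": timedelta(days=1), "non-viral": timedelta(hours=4)}
# Overflow priority stated in the guide: Adaptive Rules first, then Outbreak Rules.
RULE_PRIORITY = {"adaptive": 0, "outbreak": 1}

class OutbreakQuarantineModel:
    """Toy model of the Outbreak quarantine (capacity in bytes is an assumption)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}  # message id -> (rule, scheduled release time, size)

    @property
    def used(self):
        return sum(size for _, _, size in self.entries.values())

    def add(self, mid, size, rule, threat, now, retain=None):
        """Quarantine a message; return the IDs released early by overflow."""
        limit = MAX_RETENTION[threat]
        retain = min(retain, limit) if retain else limit  # cap at the maximum
        self.entries[mid] = (rule, now + retain, size)
        order = sorted(self.entries, key=lambda m: (
            RULE_PRIORITY[self.entries[m][0]], self.entries[m][1]))
        released = []
        for m in order:
            if self.used < self.capacity:  # overflow stops below 100% capacity
                break
            del self.entries[m]
            released.append(m)
        return released

    def expire(self, now):
        """Release every message whose scheduled release time has passed."""
        due = sorted((m for m, e in self.entries.items() if e[1] <= now),
                     key=lambda m: self.entries[m][1])
        for m in due:
            del self.entries[m]
        return due

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed sample data throughout
    q = OutbreakQuarantineModel(capacity=100)
    q.add("o1", 30, "outbreak", "viral", t0, timedelta(hours=2))
    q.add("a1", 30, "adaptive", "viral", t0, timedelta(hours=6))
    q.add("a2", 30, "adaptive", "non-viral", t0, timedelta(hours=9))  # capped to 4 h
    overflow = q.add("o2", 50, "outbreak", "viral", t0)  # pushes usage to 140
    return overflow, q.used, q.expire(t0 + timedelta(hours=3))
```

In the sample run both Adaptive Rules messages are released before `o1`, even though `o1` has the earliest scheduled release, because rule type is compared before release time.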
Messages released from the Outbreak quarantine are scanned by the anti-virus and
anti-spam engines again if they are enabled for the mail policy. If a message is now
marked as a known virus or spam, it is subject to your mail policy settings
(including a possible second quarantining in the Virus quarantine or IronPort
Spam quarantine). For more information, see
.
Thus it is important to note that in a message's lifetime, it may actually be
quarantined twice — once due to the Outbreak Filters feature, and once when it
is released from the Outbreak quarantine. A message will not be subject to a
second quarantine if the verdicts from each scan (prior to Outbreak Filters, and
when released from the Outbreak quarantine) match. Also note that the Outbreak
Filters feature does not take any final actions on messages. The Outbreak Filters
feature will either quarantine a message (for further processing) or move the
message along to the next step in the pipeline.