Cisco Cisco Email Security Appliance C690 User Guide
4-17
Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
OL-25138-01
Chapter 4 Quarantines
Working with Messages in System Quarantines
From the Quarantined Message page, you can read the message, select a Message
Action, send a copy of the message, or test for viruses. You can also see if a
message will be encrypted upon release from the quarantine due to the Encrypt on
Delivery filter action.
Action, send a copy of the message, or test for viruses. You can also see if a
message will be encrypted upon release from the quarantine due to the Encrypt on
Delivery filter action.
The Message Details section displays the message body, message headers, and
attachments. Only the first 100K of the message body is displayed. If the message
is longer, the first 100K is shown, followed by an ellipsis (...). The actual message
is not truncated. This is for display purposes only. You can download the message
body by clicking
attachments. Only the first 100K of the message body is displayed. If the message
is longer, the first 100K is shown, followed by an ellipsis (...). The actual message
is not truncated. This is for display purposes only. You can download the message
body by clicking
[message body]
in the Message Parts section at the bottom of
Message Details. You can also download any of the message’s attachments by
clicking the attachment’s filename.
clicking the attachment’s filename.
If you view a message that contains a virus and you have desktop anti-virus
software installed on your computer, your anti-virus software may complain that
it has found a virus. This is not a threat to your computer and can be safely
ignored.
software installed on your computer, your anti-virus software may complain that
it has found a virus. This is not a threat to your computer and can be safely
ignored.
Note
For the special Outbreak quarantine, additional functionality is available. See
for more
information.
Viewing Matched Content
When you configure a quarantine action for messages that match Attachment
Content conditions, Message Body or Attachment conditions, Message body
conditions, or the Attachment content conditions, you can view the matched
content in the quarantined message. When you display the message body, the
matched content is highlighted in yellow, except for DLP policy violation
matches. You can also use the
Content conditions, Message Body or Attachment conditions, Message body
conditions, or the Attachment content conditions, you can view the matched
content in the quarantined message. When you display the message body, the
matched content is highlighted in yellow, except for DLP policy violation
matches. You can also use the
$MatchedContent
action variable to include the
matched content from message or content filter matches in the message subject.
If the attachment contains the matched content, the attachment’s contents are
displayed as well as the reason it was quarantined, whether it was due to a DLP
policy violation, content filter condition, message filter condition, or Image
Analysis verdict.
displayed as well as the reason it was quarantined, whether it was due to a DLP
policy violation, content filter condition, message filter condition, or Image
Analysis verdict.
When you view messages in the local quarantine that have triggered message or
content filter rules, the GUI may display content that did not actually trigger the
filter action (along with content that triggered the filter action). The GUI display
content filter rules, the GUI may display content that did not actually trigger the
filter action (along with content that triggered the filter action). The GUI display