Cisco Email Security Appliance C170 User Guide
Chapter 10 Virus Outbreak Filters
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
• If the quarantine’s Default Action is set to delete, the message will be deleted
when the retention time period expires, or when the quarantine overflows.
• Overflow occurs when the quarantine is full and more messages are added. In
this case the messages closest to their expiration date (not necessarily the
oldest messages) are released first, until enough room is available for the new
messages. You can configure the Outbreak quarantine so that the following
actions are performed on messages before they are released due to overflow:
strip attachments, modify the subject, add an X-Header.
Because quarantined messages are rescanned whenever new rules are published,
it is very likely that messages in the Outbreak quarantine will be released prior to
the expiration time.
Still, it can be important to monitor the Outbreak quarantine if the Default Action
is set to “delete.” IronPort recommends that most users not set the default action to
delete. For more information about releasing messages from the Outbreak
quarantine, or changing the Default Action for the Outbreak Quarantine, see the
“Quarantines” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
Conversely, if you have messages in your Outbreak quarantine that you would like
to keep in the quarantine longer while you wait for a new virus definition, for
example, you can delay the expiration of those messages. Keep in mind that
increasing the retention time for messages can cause the size of the quarantine to
grow.
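The overflow ordering and the effect of delaying a message's expiration, described above, can be seen in a small model. This is an added example, not AsyncOS code: the class and field names, the size units, the subject tag and the `X-Overflow-Release` header name are all assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass, field

@dataclass(order=True)
class Msg:
    expires: int                      # expiry time: the only ordering key
    mid: str = field(compare=False)
    received: int = field(compare=False)
    size: int = field(compare=False)
    subject: str = field(compare=False, default="")
    attachments: list = field(compare=False, default_factory=list)
    headers: dict = field(compare=False, default_factory=dict)

class OutbreakQuarantineModel:
    """Simplified model; capacity is in arbitrary size units (assumption)."""
    def __init__(self, capacity):
        self.capacity, self.used, self.heap = capacity, 0, []

    def _overflow_actions(self, m):
        # The three pre-release actions the guide lists; values are constructed.
        m.attachments = []
        m.subject = "[OVERFLOW] " + m.subject
        m.headers["X-Overflow-Release"] = "true"
        return m

    def add(self, m):
        """Quarantine m; return the messages released early to make room."""
        released = []
        while self.heap and self.used + m.size > self.capacity:
            victim = heapq.heappop(self.heap)  # closest to expiry, not oldest
            self.used -= victim.size
            released.append(self._overflow_actions(victim))
        heapq.heappush(self.heap, m)
        self.used += m.size
        return released

    def delay_expiration(self, mid, extra):
        for m in self.heap:
            if m.mid == mid:
                m.expires += extra
        heapq.heapify(self.heap)               # restore heap order

def demo():
    q = OutbreakQuarantineModel(capacity=30)
    q.add(Msg(100, "A", received=0, size=10, subject="invoice", attachments=["a.zip"]))
    q.add(Msg(110, "B", received=5, size=10, subject="report", attachments=["b.scr"]))
    q.add(Msg(120, "C", received=9, size=10, subject="photo"))
    q.delay_expiration("A", 60)  # A is the oldest message but now expires at 160
    return q, q.add(Msg(130, "D", received=12, size=10, subject="new"))
```

In the constructed run, message A is the oldest but survives the overflow because its expiration was delayed; B, now the closest to expiry, is released instead with the overflow actions applied.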
Note
If anti-virus scanning is disabled globally (not via a mail policy) while a message
is in the Outbreak quarantine, the message is not anti-virus scanned when it leaves
the quarantine, even if anti-virus scanning is re-enabled prior to the message
leaving the quarantine.
Note
You can use the Virus Outbreak Filters feature without having enabled anti-virus
scanning on the IronPort appliance (see