Cisco Cisco Email Security Appliance X1070 User Guide
Cisco IronPort AsyncOS 7.1 for Email Configuration Guide
OL-22158-02
Chapter 10 Virus Outbreak Filters
Dynamic Quarantine
The Virus Outbreak Filters feature’s Outbreak quarantine is a temporary holding
area used to store messages until new virus definitions have been created and your
anti-virus software updated. See
for more information. Quarantined messages can be released from
the Outbreak quarantine in several ways. As new outbreak rules are downloaded,
messages in the Outbreak quarantine are automatically re-evaluated, beginning
with the oldest message. If the revised threat level of a message falls under the
system's threshold, the message will automatically be released (regardless of the
Outbreak quarantine’s settings), thereby minimizing the time it spends in the
quarantine. If new rules are published while messages are being re-evaluated, the
rescan is restarted.
Please note that messages are not automatically released from the outbreak
quarantine when new anti-virus signatures are available. New rules that are
published may or may not reference new anti-virus signatures; however, messages
will not be released due to an anti-virus engine update unless an Outbreak Rule
changes the threat level of the message to a score lower than your Threat Level
Threshold.
Messages are also released from the Outbreak quarantine once the timeout period
(default is 24 hours) has elapsed. Messages can be manually released from the
quarantine. Messages can also be released from the quarantine when the
quarantine is full and more messages are inserted (this is referred to as overflow).
Overflow only occurs when the Outbreak quarantine is at 100% capacity, and a
new message is added to the quarantine. At this point, messages are released in
the following order of priority:
• Messages quarantined by Adaptive Rules (those scheduled to be released
soonest are first)
• Messages quarantined by Outbreak Rules (those scheduled to be released
soonest are first)
Overflow stops the moment the Outbreak quarantine is below 100% capacity. For
more information about how quarantine overflow is handled, see the
“Quarantines” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
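The release rules described in this section, modeled in Python as an added illustration; this is not Cisco's code or an AsyncOS interface. The class and method names, capacity measured as a message count, the per-message `retain_h` retention, and evicting existing messages before the new arrival is stored are all assumptions made for the model.

```python
from dataclasses import dataclass

@dataclass
class Msg:
    mid: str
    rule: str          # "adaptive" or "outbreak": rule type that quarantined it
    entered: float     # hours on a constructed clock
    release_at: float  # scheduled release time (entry time + retention)
    level: int         # current threat level

class OutbreakQuarantine:
    def __init__(self, capacity, threshold, timeout_h=24.0):
        self.capacity, self.threshold, self.timeout_h = capacity, threshold, timeout_h
        self.msgs = []

    def _release(self, victims):
        ids = {m.mid for m in victims}
        self.msgs = [m for m in self.msgs if m.mid not in ids]
        return [m.mid for m in victims]

    def add(self, mid, rule, now, level, retain_h=None):
        """Store a message; return the ids pushed out by overflow."""
        out = []
        if len(self.msgs) >= self.capacity:  # overflow: 100% full plus a new arrival
            # Adaptive Rules first, then Outbreak Rules; soonest release first in each.
            order = sorted(self.msgs, key=lambda m: (m.rule != "adaptive", m.release_at))
            out = self._release(order[:len(self.msgs) - self.capacity + 1])
        hold = self.timeout_h if retain_h is None else retain_h  # retain_h: assumption
        self.msgs.append(Msg(mid, rule, now, now + hold, level))
        return out

    def reevaluate(self, revised):
        """New outbreak rules arrived: rescan oldest first, release if under threshold."""
        oldest_first = sorted(self.msgs, key=lambda m: m.entered)
        for m in oldest_first:
            m.level = revised.get(m.mid, m.level)  # unchanged unless a rule rescored it
        return self._release([m for m in oldest_first if m.level < self.threshold])

    def expire(self, now):
        """Release messages whose timeout period has elapsed."""
        return self._release([m for m in self.msgs if m.release_at <= now])

def demo():
    # Constructed sample traffic: capacity of 3 messages, Threat Level Threshold of 3.
    q = OutbreakQuarantine(capacity=3, threshold=3)
    q.add("o1", "outbreak", now=0, level=5)
    q.add("a1", "adaptive", now=1, level=4)
    q.add("a2", "adaptive", now=2, level=4, retain_h=4)   # scheduled release at hour 6
    overflow = q.add("o2", "outbreak", now=3, level=5)    # full: a2 is evicted first
    rescanned = q.reevaluate({"o1": 2})                   # o1 rescored under threshold
    return overflow, rescanned, q.expire(now=25)          # a1 is due at 25, o2 at 27
```

In the model, as in the text above, an anti-virus signature update alone releases nothing: only a revised threat level passed to `reevaluate`, the timeout, or overflow removes a message.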