Cisco Cisco Email Security Appliance C650 Guía Del Usuario
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
27-9
Cisco AsyncOS 8.0 for Email User Guide
Chapter 27 Quarantines
Managing Policy, Virus, and Outbreak Quarantines
Policy Quarantine Performance
Messages stored in policy quarantines use system memory in addition to hard-drive space. Storing
hundreds of thousands of messages in policy quarantines on a single appliance may cause a decrease in
the appliance’s performance due to excessive memory usage. The appliance takes more time to
quarantine, delete, and release messages, which causes message processing to slow down and the email
pipeline to back up.
hundreds of thousands of messages in policy quarantines on a single appliance may cause a decrease in
the appliance’s performance due to excessive memory usage. The appliance takes more time to
quarantine, delete, and release messages, which causes message processing to slow down and the email
pipeline to back up.
Cisco recommends storing an average of less than 20,000 messages in your policy quarantines to ensure
that the Email Security appliance processes email at a normal rate.
that the Email Security appliance processes email at a normal rate.
To check the number of messages in quarantines, see
.
Alerts About Quarantine Disk-Space Usage
An alert is sent whenever the total size of the policy, virus, and outbreak quarantine reaches or passes
75 percent, 85 percent, and 95 percent of its capacity. The check is performed when a message is placed
in the quarantine. For example, if adding a message to a quarantine increases the size to or past
75 percent of the total capacity, an alert is sent.
75 percent, 85 percent, and 95 percent of its capacity. The check is performed when a message is placed
in the quarantine. For example, if adding a message to a quarantine increases the size to or past
75 percent of the total capacity, an alert is sent.
For more information about Alerts, see
.
Policy Quarantines and Logging
AsyncOS individually logs all messages that are quarantined:
Info: MID 482 quarantined to "Policy" (message filter:policy_violation)
The message filter or Outbreak Filters feature rule that caused the message to be quarantined is placed
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
AsyncOS also individually logs messages that are removed from quarantine:
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
The system individually logs messages after they are removed from all quarantines and either
permanently deleted or scheduled for delivery, for example
permanently deleted or scheduled for delivery, for example
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
When a message is re-injected, the system creates a new Message object with a new Message ID (MID).
This is logged using an existing log message with a new MID “byline”, for example:
This is logged using an existing log message with a new MID “byline”, for example:
Info: MID 483 rewritten to 513 by Policy Quarantine
About Distributing Message Processing Tasks to Other Users
You can distribute message review and processing tasks to other administrative users. For example:
•
The Human Resources team can review and manage the Policy Quarantine.
•
The Legal team can manage the Confidential Material Quarantine.