Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 9.0 for Email User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters
The Outbreak Filters Feature and the Outbreak Quarantine
Messages quarantined by the Outbreak Filters feature are sent to the Outbreak quarantine. This
quarantine functions like any other quarantine (for more information about working with quarantines,
see
) except that it has a “summary” view, useful
for deleting or releasing all messages from the quarantine, based on the rule used to place the message
in the quarantine (for Outbreak Rules, the Outbreak ID is shown, and for Adaptive Rules, a generic term
is shown). For more information about the summary view, see
.
Monitoring the Outbreak Quarantine
Though a properly configured quarantine requires little if any monitoring, it is a good idea to keep an
eye on the Outbreak Quarantine, especially during and after virus outbreaks when legitimate messages
may be delayed.
If a legitimate message is quarantined, one of the following occurs depending on the settings for the
Outbreak quarantine:
• If the quarantine’s Default Action is set to Release, the message will be released when the retention
time period expires or when the quarantine overflows. You can configure the Outbreak quarantine
so that the following actions are performed on messages before they are released due to overflow:
strip attachments, modify the subject, and add an X-Header. For more information about these
actions, see
• If the quarantine’s Default Action is set to Delete, the message will be deleted when the retention
time period expires, or when the quarantine overflows.
• Overflow occurs when the quarantine is full and more messages are added. In this case the messages
closest to their expiration date (not necessarily the oldest messages) are released first, until enough
room is available for the new messages. You can configure the Outbreak quarantine so that the
following actions are performed on messages before they are released due to overflow: strip
attachments, modify the subject, add an X-Header.
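The overflow rule above, modeled as an added example (not AsyncOS code and not part of the Cisco guide): eviction is ordered by nearest expiration rather than arrival, and the Default Action decides whether an evicted message is delivered or lost. The class names, the message-count capacity, the subject tag and the X-Header name are assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass, field

@dataclass(order=True)
class Msg:
    expires: int                       # heap key: time the retention period ends
    arrived: int                       # tie-breaker only
    mid: str = field(compare=False)
    subject: str = field(compare=False, default="")
    attachments: list = field(compare=False, default_factory=list)
    headers: dict = field(compare=False, default_factory=dict)

class QuarantineModel:
    """Toy model of the overflow rule; capacity is counted in messages."""
    def __init__(self, capacity, default_action="release"):
        self.capacity, self.default_action = capacity, default_action
        self.heap, self.released, self.deleted = [], [], []

    def add(self, msg):
        # Overflow: make room by evicting the message closest to expiration,
        # regardless of arrival order.
        while len(self.heap) >= self.capacity:
            self._overflow(heapq.heappop(self.heap))
        heapq.heappush(self.heap, msg)

    def _overflow(self, msg):
        if self.default_action == "delete":
            self.deleted.append(msg.mid)
            return
        # The three optional pre-release actions the guide lists.
        msg.attachments = []
        msg.subject = "[QUARANTINE OVERFLOW] " + msg.subject  # constructed tag
        msg.headers["X-Overflow-Release"] = "true"            # constructed header
        self.released.append(msg)

def demo(default_action):
    q = QuarantineModel(capacity=3, default_action=default_action)
    # Constructed sample: "first" is the oldest message but expires last.
    q.add(Msg(500, 1, "first", "Invoice", ["a.zip"]))
    q.add(Msg(120, 2, "second", "Report", ["b.doc"]))
    q.add(Msg(300, 3, "third", "Hello"))
    q.add(Msg(400, 4, "fourth", "Hi"))  # quarantine is full: triggers overflow
    return q

if __name__ == "__main__":
    for action in ("release", "delete"):
        q = demo(action)
        print(action, [m.mid for m in q.released], q.deleted)
```

In both runs the evicted message is "second", the one with the earliest expiration, while the oldest message stays in the quarantine.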
Because quarantined messages are rescanned whenever new rules are published, it is very likely that
messages in the Outbreak quarantine will be released prior to the expiration time.
Still, it can be important to monitor the Outbreak quarantine if the Default Action is set to Delete. Cisco
recommends that most users not set the Default Action to Delete. For more information about releasing
messages from the Outbreak quarantine, or changing the Default Action for the Outbreak Quarantine,
see
.
Conversely, if you have messages in your Outbreak quarantine that you would like to keep in the
quarantine longer while you wait for a new rule update, for example, you can delay the expiration of
those messages. Keep in mind that increasing the retention time for messages can cause the size of the
quarantine to grow.
Note
If anti-virus scanning is disabled globally (not via a mail policy) while a message is in the Outbreak
quarantine, the message is not anti-virus scanned when it leaves the quarantine, even if anti-virus
scanning is re-enabled prior to the message leaving the quarantine.