Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
8-15
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 8 Centralized Policy, Virus, and Outbreak Quarantines
Managing Policy, Virus, and Outbreak Quarantines
Policy Quarantines and Logging
AsyncOS individually logs all messages that are quarantined:
Info: MID 482 quarantined to "Policy" (message filter:policy_violation)
The message filter or Outbreak Filters feature rule that caused the message to be quarantined is placed
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
AsyncOS also individually logs messages that are removed from quarantine:
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
The system individually logs messages after they are removed from all quarantines and either
permanently deleted or scheduled for delivery, for example
permanently deleted or scheduled for delivery, for example
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
When a message is re-injected, the system creates a new Message object with a new Message ID (MID).
This is logged using an existing log message with a new MID “byline”, for example:
This is logged using an existing log message with a new MID “byline”, for example:
Info: MID 483 rewritten to 513 by Policy Quarantine
About Distributing Message Processing Tasks to Other Users
You can distribute message review and processing tasks to other administrative users. For example:
•
The Human Resources team can review and manage the Policy Quarantine.
•
The Legal team can manage the Confidential Material Quarantine.
You assign access privileges to these users when you specify settings for a quarantine. In order to add
users to quarantines, the users must already exist.
users to quarantines, the users must already exist.
Each user may have access to all, some, or none of the quarantines. A user who is not authorized to view
a quarantine will not see any indication of its existence anywhere in the GUI or CLI listings of
quarantines.
a quarantine will not see any indication of its existence anywhere in the GUI or CLI listings of
quarantines.
Related Topics
•
•
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
When you allow administrative users to access a quarantine, the actions that they can perform depend
on their user group:
on their user group:
•
Users in the Administrators or Email Administrators groups can create, configure, delete, and
centralize quarantines and can manage quarantined messages.
centralize quarantines and can manage quarantined messages.
•
Users in the Operators, Guests, Read-Only Operators, and Help Desk Users groups, as well as
custom user roles with quarantine management privileges, can search for, view, and process
messages in a quarantine, but cannot change the quarantine’s settings, create, delete, or centralize
quarantines. You specify in each quarantine which of these users have access to that quarantine.
custom user roles with quarantine management privileges, can search for, view, and process
messages in a quarantine, but cannot change the quarantine’s settings, create, delete, or centralize
quarantines. You specify in each quarantine which of these users have access to that quarantine.
•
Users in the Technicians group cannot access quarantines.