Cisco Cisco Email Security Appliance C160 Mode D'Emploi
14-18
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 14 Outbreak Filters
Managing Outbreak Filters (GUI)
•
Overflow occurs when the quarantine is full and more messages are added. In this case the messages
closest to their expiration date (not necessarily the oldest messages) are released first, until enough
room is available for the new messages. You can configure the Outbreak quarantine so that the
following actions are performed on messages before they are released due to overflow: strip
attachments, modify the subject, add an X-Header.
closest to their expiration date (not necessarily the oldest messages) are released first, until enough
room is available for the new messages. You can configure the Outbreak quarantine so that the
following actions are performed on messages before they are released due to overflow: strip
attachments, modify the subject, add an X-Header.
Because quarantined messages are rescanned whenever new rules are published, it is very likely that
messages in the Outbreak quarantine will be released prior to the expiration time.
messages in the Outbreak quarantine will be released prior to the expiration time.
Still, it can be important to monitor the Outbreak quarantine if the Default Action is set to Delete. Cisco
recommends most users to not set the default action to Delete. For more information about releasing
messages from the Outbreak quarantine, or changing the Default Action for the Outbreak Quarantine,
see
recommends most users to not set the default action to Delete. For more information about releasing
messages from the Outbreak quarantine, or changing the Default Action for the Outbreak Quarantine,
see
Conversely, if you have messages in your Outbreak quarantine that you would like to keep in the
quarantine longer while you wait for a new rule update, for example, you can delay the expiration of
those messages. Keep in mind that increasing the retention time for messages can cause the size of the
quarantine to grow.
quarantine longer while you wait for a new rule update, for example, you can delay the expiration of
those messages. Keep in mind that increasing the retention time for messages can cause the size of the
quarantine to grow.
Note
If anti-virus scanning is disabled globally (not via a mail policy) while a message is in the Outbreak
quarantine, the message is not anti-virus scanned when it leaves the quarantine, even if anti-virus
scanning is re-enabled prior to the message leaving the quarantine.
quarantine, the message is not anti-virus scanned when it leaves the quarantine, even if anti-virus
scanning is re-enabled prior to the message leaving the quarantine.
Note
You can use the Outbreak Filters feature without having enabled anti-virus scanning on the Cisco
appliance. However, Outbreak Filters cannot scan for non-viral threats if anti-spam scanning is not
enabled on the appliance.
appliance. However, Outbreak Filters cannot scan for non-viral threats if anti-spam scanning is not
enabled on the appliance.
Outbreak Quarantine and the Manage by Rule Summary View
You can view the contents of the Outbreak quarantine by clicking on the name of the quarantine in the
listing on the Monitor menu in the GUI. The Outbreak quarantine has an additional view as well, the
Outbreak Quarantine Manage by Rule Summary link.
listing on the Monitor menu in the GUI. The Outbreak quarantine has an additional view as well, the
Outbreak Quarantine Manage by Rule Summary link.
Figure 14-7
The Outbreak Quarantine Manage by Rule Summary Link
Using the Summary View to Perform Message Actions on Messages in the Outbreak Quarantine Based on Rule ID.
Click on the Manage by Rule Summary link to see a listing of the contents of the Outbreak quarantine,
grouped by rule ID:
grouped by rule ID: