Cisco Cisco Email Security Appliance C160 Mode D'Emploi
27-9
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 27 Quarantines
Managing Policy, Virus, and Outbreak Quarantines
Policy Quarantine Performance
Messages stored in policy quarantines use system memory in addition to hard-drive space. Storing
hundreds of thousands of messages in policy quarantines on a single appliance may cause a decrease in
the appliance’s performance due to excessive memory usage. The appliance takes more time to
quarantine, delete, and release messages, which causes message processing to slow down and the email
pipeline to back up.
hundreds of thousands of messages in policy quarantines on a single appliance may cause a decrease in
the appliance’s performance due to excessive memory usage. The appliance takes more time to
quarantine, delete, and release messages, which causes message processing to slow down and the email
pipeline to back up.
Cisco recommends storing an average of less than 20,000 messages in your policy quarantines to ensure
that the Email Security appliance processes email at a normal rate.
that the Email Security appliance processes email at a normal rate.
To check the number of messages in quarantines, see
.
Alerts About Quarantine Disk-Space Usage
An alert is sent whenever the total size of the policy, virus, and outbreak quarantine reaches or passes
75 percent, 85 percent, and 95 percent of its capacity. The check is performed when a message is placed
in the quarantine. For example, if adding a message to a quarantine increases the size to or past
75 percent of the total capacity, an alert is sent.
75 percent, 85 percent, and 95 percent of its capacity. The check is performed when a message is placed
in the quarantine. For example, if adding a message to a quarantine increases the size to or past
75 percent of the total capacity, an alert is sent.
For more information about Alerts, see
.
Policy Quarantines and Logging
AsyncOS individually logs all messages that are quarantined:
Info: MID 482 quarantined to "Policy" (message filter:policy_violation)
The message filter or Outbreak Filters feature rule that caused the message to be quarantined is placed
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
AsyncOS also individually logs messages that are removed from quarantine:
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
The system individually logs messages after they are removed from all quarantines and either
permanently deleted or scheduled for delivery, for example
permanently deleted or scheduled for delivery, for example
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
Date a policy quarantine was created
Choose Monitor > Policy, Virus, and Outbreak
Quarantines, click the quarantine name, and look for this
information in the table row directly below the quarantine
name.
Quarantines, click the quarantine name, and look for this
information in the table row directly below the quarantine
name.
Creation date and creator name are not available for
system-created quarantines.
system-created quarantines.
Name of policy quarantine creator
Filters and message actions associated
with a quarantine
with a quarantine
To View
Do This