Cisco Email Security Appliance C160 User Manual
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 4 Quarantines
Quarantines Overview
System Quarantines
Typically, messages are placed in system quarantines due to a filter action. Additionally, the Outbreak
Filters feature quarantines suspicious messages in the Outbreak quarantine, specifically. System
quarantines are configured to process messages automatically—messages are either delivered or deleted
based on the configuration settings (for more information, see
for the quarantine(s) in which the message is placed. In addition to the automated process, designated
users (such as your mail administrator, Human Resources personnel, Legal department, etc.) can review
the contents of the quarantines and then either release, delete, or send a copy of each message. Released
messages are scanned for viruses (assuming that anti-virus is enabled for that particular mail policy).
System Quarantines are ideal for:
• Policy Enforcement - have Human Resources or the Legal department review messages that contain offensive or confidential information before delivering them.
• Virus quarantine - store messages marked as not scannable (or encrypted, infected, etc.) by the anti-virus scanning engine.
• Providing a foundation for the Outbreak Filters feature - hold messages flagged by the Outbreak Filters feature until an anti-virus or anti-spam update is released. For more information about the Outbreak Filters feature, see the “Outbreak Filters” chapter in the Cisco IronPort AsyncOS for Email Configuration Guide.
Your Cisco IronPort appliance can have several pre-configured quarantines, depending on features
licensed; however, the Policy quarantine is created by default, regardless of license.
• Outbreak, a quarantine used by the Outbreak Filters feature created when the Outbreak Filters feature license key is enabled.
• Virus, a quarantine used by the anti-virus engine, created when the anti-virus license key is enabled.
• Policy, a default quarantine (for example, use this to store messages requiring review).
For details on how to add, modify, or delete additional quarantines, see
.
Access and interact with system quarantines via the Graphical User Interface (GUI) or the Command Line Interface (CLI) via the quarantineconfig command.
Note
The Command Line Interface (CLI) for system quarantines contains a subset of the functionality found
in the GUI (see the Cisco IronPort AsyncOS CLI Reference Guide).
Cisco IronPort Spam Quarantines
AsyncOS can be configured to send both spam and suspected spam to a Cisco IronPort Spam quarantine.
You can also configure the system to send a notification email to users, informing them of quarantined
spam and suspected spam messages. This notification contains a summary of the messages currently in
the Cisco IronPort Spam quarantine for that user. The user may view the messages and decide whether
to have them delivered to their inbox or delete them. Users can also search through their quarantined
messages. Users can access the quarantine via the notification or directly via a web browser (this requires
authentication, see
).