Cisco Cisco Content Security Management Appliance M390 Guida Utente
8-10
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 8 Centralized Policy, Virus, and Outbreak Quarantines
Managing Policy, Virus, and Outbreak Quarantines
Note
The normal retention time for messages in the Outbreak Filters quarantine is configured in
the Outbreak Filters section of each mail policy, not in the outbreak quarantine.
the Outbreak Filters section of each mail policy, not in the outbreak quarantine.
•
Early Expiration—messages are forced from quarantines before the configured retention time is
reached. This can happen when:
reached. This can happen when:
–
The size limit for all quarantines, as defined in
, is reached.
If the size limit is reached, the oldest messages, regardless of quarantine, are processed and the
default action is performed for each message, until the size of all quarantines is again less than
the size limit. The policy is First In First Out (FIFO). Messages in multiple quarantines will be
expired based on their latest expiration time.
default action is performed for each message, until the size of all quarantines is again less than
the size limit. The policy is First In First Out (FIFO). Messages in multiple quarantines will be
expired based on their latest expiration time.
(Optional) You can configure individual quarantines to be exempt from release or deletion
because of insufficient disk space. If you configure all quarantines to be exempt and the disk
space reaches capacity, messages will be held on the Web Security appliance until space is
available on the Security Management appliance.
because of insufficient disk space. If you configure all quarantines to be exempt and the disk
space reaches capacity, messages will be held on the Web Security appliance until space is
available on the Security Management appliance.
Because the Security Management appliance does not scan messages, a copy of each message
in the centralized outbreak quarantine is stored on the Web Security appliance that originally
processed the message. This allows the Email Security appliance to rescan quarantined
messages each time outbreak filter rules are updated, and tell the Security Management
appliance to release messages that are no longer deemed a threat. Both copies of the outbreak
quarantine should hold the same set of messages at all times. Therefore, in the rare situation
when disk space on the Web Security appliance becomes full, then the copies of messages in the
Outbreak quarantine on both appliances will expire early, even if the centralized quarantine still
has space.
in the centralized outbreak quarantine is stored on the Web Security appliance that originally
processed the message. This allows the Email Security appliance to rescan quarantined
messages each time outbreak filter rules are updated, and tell the Security Management
appliance to release messages that are no longer deemed a threat. Both copies of the outbreak
quarantine should hold the same set of messages at all times. Therefore, in the rare situation
when disk space on the Web Security appliance becomes full, then the copies of messages in the
Outbreak quarantine on both appliances will expire early, even if the centralized quarantine still
has space.
You will receive alerts at disk-space milestones. See
–
You delete a quarantine that still holds messages.
When a message is automatically removed from a quarantine, the default action is performed on that
message. See
message. See
.
Note
In addition to the above scenarios, messages can be automatically removed from quarantine based on the
result of scanning operations (outbreak filters or file analysis.)
result of scanning operations (outbreak filters or file analysis.)
Effects of Time Adjustments on Retention Time
•
Daylight savings time and appliance time zone changes do not affect the retention period.
•
If you change the retention time of a quarantine, only new messages will have the new expiration
time.
time.
•
If the system clock is changed, messages that should have expired in the past will expire at the next
most appropriate time.
most appropriate time.
•
System clock changes do not apply to messages that are in the process of being expired.