Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 9.5 for Email User Guide
 
Chapter 30: Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
About Rescanning of Quarantined Messages 
When a message is released from all queues in which it has been quarantined, the following rescanning 
occurs, depending on the features enabled for the appliance and for the mail policy that originally 
quarantined the message: 
- Messages released from Policy and Virus quarantines are rescanned by the anti-virus engine. 
- Messages released from the Outbreak quarantine are rescanned by the anti-spam and anti-virus 
  engines. (For information about rescanning of messages while in the Outbreak quarantine, see 
- Messages released from the File Analysis quarantine are rescanned for threats. 
- Messages with attachments are rescanned by the file reputation service upon release from Policy, 
  Virus, and Outbreak quarantines. 
Upon rescanning, if the verdict produced matches the verdict produced the previous time the message 
was processed, the message is not re-quarantined. Conversely, if the verdict is different, the message 
could be sent to another quarantine.
The rationale is to prevent messages from looping back to the quarantine indefinitely. For example, 
suppose a message is encrypted and therefore sent to the Virus quarantine. If an administrator releases 
the message, the anti-virus engine will still not be able to decrypt it; however, the message should not 
be re-quarantined or a loop will be created and the message will never be released from the quarantine. 
Since the two verdicts are the same, the system bypasses the Virus quarantine the second time. 
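The following Python model of the verdict comparison described above is an added example, not code from Cisco or AsyncOS. The verdict strings, the routing table, and the `release` and `make_scanner` names are assumptions made for illustration; `compare=False` shows the loop that the rule prevents.

```python
# Simplified model of the release-time rescan rule; not AsyncOS code.
# Engines that rescan on release, per quarantine (taken from the list above).
RESCAN_ENGINES = {
    "Policy": ["anti-virus"],
    "Virus": ["anti-virus"],
    "Outbreak": ["anti-spam", "anti-virus"],
}
# Assumed routing of non-clean verdicts to quarantines (constructed for illustration).
ROUTING = {("anti-virus", "encrypted"): "Virus", ("anti-virus", "viral"): "Virus"}


def release(message, from_quarantine, scan, compare=True):
    """Decide what happens when a message leaves its last quarantine.

    message["verdicts"] maps engine -> verdict from the previous processing.
    scan(engine, message) returns that engine's verdict now.
    compare=False models a naive pipeline that ignores the earlier verdict.
    """
    engines = list(RESCAN_ENGINES[from_quarantine])
    if message.get("attachments"):
        engines.append("file-reputation")  # attachments are also rescanned
    for engine in engines:
        previous = message["verdicts"].get(engine)
        current = scan(engine, message)
        message["verdicts"][engine] = current
        if compare and current == previous:
            continue  # same verdict as last time: bypass the quarantine
        target = ROUTING.get((engine, current))
        if target is not None:
            return ("quarantine", target)  # changed verdict: may be quarantined
    return ("deliver", None)


def make_scanner(results):
    """Constructed stand-in for the scanning engines: fixed verdict per engine."""
    return lambda engine, message: results.get(engine, "clean")


if __name__ == "__main__":
    # Constructed sample: an encrypted message the anti-virus engine cannot decrypt.
    msg = {"verdicts": {"anti-virus": "encrypted"}}
    scanner = make_scanner({"anti-virus": "encrypted"})
    print(release(msg, "Virus", scanner))                 # delivered
    print(release(msg, "Virus", scanner, compare=False))  # would loop back
```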
The Outbreak Quarantine
The Outbreak quarantine is present when a valid Outbreak Filters feature license key has been entered. 
The Outbreak Filters feature sends messages to the Outbreak quarantine, depending on the threshold set. 
For more information, see 
 
The Outbreak quarantine functions just like other quarantines—you can search for messages, release or 
delete messages, and so on. 
The Outbreak quarantine has some additional features not available in other quarantines: the Manage by 
Rule Summary link, the Send to Cisco feature when viewing message details, and the option to sort 
messages in search results by the Scheduled Exit time. 
If the license for the Outbreak Filters feature expires, you will be unable to add more messages to the 
Outbreak quarantine. Once the messages currently in the quarantine have expired and the Outbreak 
quarantine becomes empty, it is no longer shown in the Quarantines listing in the GUI.
Related Topics
Rescanning Messages in an Outbreak Quarantine 
Messages placed in the Outbreak quarantine are automatically released if newly published rules deem 
the quarantined message no longer a threat.