Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 4      Quarantines
Working with Messages in System Quarantines
The message filter or Outbreak Filters feature rule that caused the message to be quarantined is shown 
in parentheses. A separate log entry is generated for each quarantine in which the message is placed.
AsyncOS also individually logs messages that are removed from quarantine:
Info: MID 483 released from quarantine "Policy" (queue full) 
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
 
The system individually logs messages after they are removed from all quarantines and either 
permanently deleted or scheduled for delivery, e.g.
Info: MID 483 released from all quarantines 
Info: MID 484 deleted from all quarantines 
When a message is re-injected, the system creates a new Message object with a new MID. This is logged 
using an existing log message with a new MID “byline”, e.g.
Info: MID 483 rewritten to 513 by System Quarantine
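The log formats quoted above can be correlated to trace one message from quarantine exit to its re-injected MID. The following Python sketch is an added example, not code from Cisco or the guide; the sample lines are constructed from the formats shown on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the formats quoted above (not from a real appliance).
SAMPLE_LOG = """\
Info: MID 483 released from quarantine "Policy" (queue full)
Info: MID 484 deleted from quarantine "Anti-Virus" (expired)
Info: MID 483 released from all quarantines
Info: MID 484 deleted from all quarantines
Info: MID 483 rewritten to 513 by System Quarantine
"""

EXIT_ONE = re.compile(r'MID (\d+) (released|deleted) from quarantine "([^"]+)" \(([^)]*)\)')
EXIT_ALL = re.compile(r'MID (\d+) (released|deleted) from all quarantines')
REWRITE = re.compile(r'MID (\d+) rewritten to (\d+) by System Quarantine')

def parse_quarantine_log(text):
    """Return (events per MID, rewrite map of old MID -> new MID)."""
    events = defaultdict(list)
    rewrites = {}
    for line in text.splitlines():
        if m := EXIT_ONE.search(line):
            mid, action, quarantine, reason = m.groups()
            events[int(mid)].append((action, quarantine, reason))
        elif m := EXIT_ALL.search(line):
            # "*all*" marks the entry logged once no quarantine holds the message.
            events[int(m.group(1))].append((m.group(2), "*all*", None))
        elif m := REWRITE.search(line):
            rewrites[int(m.group(1))] = int(m.group(2))
    return dict(events), rewrites

def final_mid(mid, rewrites):
    """Follow rewrite entries to the MID the message carries after re-injection."""
    seen = set()
    while mid in rewrites and mid not in seen:  # guard against a looping chain
        seen.add(mid)
        mid = rewrites[mid]
    return mid

def final_disposition(mid, events):
    """Return 'released' or 'deleted' once the message left all quarantines, else None."""
    for action, quarantine, _ in events.get(mid, []):
        if quarantine == "*all*":
            return action
    return None

if __name__ == "__main__":
    events, rewrites = parse_quarantine_log(SAMPLE_LOG)
    for mid in sorted(events):
        print(mid, final_disposition(mid, events), "-> MID", final_mid(mid, rewrites))
```

Searching later delivery entries by the value from final_mid rather than the original MID avoids losing the message at the re-injection step.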
The Outbreak Filters Feature and the Outbreak Quarantine
The Outbreak quarantine is present when a valid Outbreak Filters feature license key has been entered. 
The Outbreak Filters feature sends messages to the Outbreak quarantine, depending on the threshold set. 
For more information, see the “Outbreak Filters” chapter in the Cisco IronPort AsyncOS for Email 
Configuration Guide.
If the license for the Outbreak Filters feature expires, you will be unable to add more messages to the 
Outbreak quarantine. Once the messages currently in the quarantine have expired and the Outbreak 
quarantine becomes empty, it is no longer shown in the Quarantines listing in the GUI.
The Outbreak quarantine functions just like other quarantines — you can search for messages, release 
or delete messages, etc. Messages placed in the Outbreak quarantine are automatically released if newly 
published rules deem the quarantined message no longer a threat.
The Outbreak quarantine has some additional features, not available in other quarantines: the Manage 
by Rule Summary link, the Send to Cisco IronPort feature when viewing message details, and the option 
to sort messages in search results by Scheduled Exit time.
If anti-spam and anti-virus are enabled on the appliance, the scanning engines scan every message 
released from the Outbreak quarantine based on the mail flow policy that applies to the message.
Manage by Rule Summary Link
Click the Manage by Rule Summary link next to the Outbreak quarantine in the quarantine listing to view 
the Manage by Rule Summary page. You can perform message actions (Release, Delete, Delay Exit) on 
all of the messages in the quarantine based on which outbreak rule caused the message to be quarantined. 
This is ideal for clearing out large numbers of messages from the Outbreak quarantine. For more 
information, see the “Outbreak Filters” chapter in the Cisco IronPort AsyncOS for Email Configuration 
Guide.
Send to Cisco IronPort Systems
When viewing message details for a message in the Outbreak quarantine, you can optionally report the 
message to Cisco IronPort. Do this to report false positives or to report suspicious messages to Cisco 
IronPort.