Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160

Early Expiration—messages are forced from quarantines before the configured retention time is 
reached. This can happen when: 

The size limit for all quarantines, as defined in 

, is reached. 

If the size limit is reached, the oldest messages, regardless of quarantine, are processed and the 
default action is performed for each message, until the size of all quarantines is again less than 
the size limit. The policy is First In First Out (FIFO). Messages in multiple quarantines will be 
expired based on their latest expiration time. 

(Optional) You can configure individual quarantines to be exempt from release or deletion 
because of insufficient disk space. If you configure all quarantines to be exempt and the disk 
space reaches capacity,  messages will be held on the Email Security appliance until space is 
available on the Security Management appliance. 

Because the Security Management appliance does not scan messages, a copy of each message 
in the centralized outbreak quarantine is stored on the Email Security appliance that originally 
processed the message. This allows the Email Security appliance to rescan quarantined 
messages each time outbreak filter rules are updated, and tell the Security Management 
appliance to release messages that are no longer deemed a threat. Both copies of the outbreak 
quarantine should hold the same set of messages at all times. Therefore, in the rare situation 
when disk space on the Email Security appliance becomes full, then the copies of messages in 
the Outbreak quarantine on both appliances will expire early, even if the centralized quarantine 
still has space. 

You will receive alerts at disk-space milestones. See 

You delete a quarantine that still holds messages. 

When a message is automatically removed from a quarantine, the default action is performed on that 
message. See 

. 

Daylight savings time and appliance time zone changes do not affect the retention period. 

If you change the retention time of a quarantine, only new messages will have the new expiration 
time.

If the system clock is changed, messages that should have expired in the past will expire at the next 
most appropriate time. 

System clock changes do not apply to messages that are in the process of being expired. 

The default action is performed on messages in a policy, virus, or outbreak quarantine when any situation 
described in 

, occurs. 

There are two primary default actions:

Delete—The message is deleted.

Release—The message is released for delivery. 

Upon release, messages may be re-scanned by anti-virus or anti-spam engines. For more 
information, see