User Guide for Cisco Content Security Management Appliance M160

AsyncOS 8.3.6 for Cisco Content Security Management User Guide
 
Chapter 8: Centralized Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines

Messages released from the Outbreak quarantine are rescanned by the anti-spam and anti-virus engines. (For information about rescanning of messages while in the Outbreak quarantine, see the chapter on Outbreak Filters in the online help or user guide for the Email Security appliance.)

Messages with attachments are rescanned by the file reputation service upon release from Policy, Virus, and Outbreak quarantines.

Upon rescanning, if the verdict produced matches the verdict produced the previous time the message was processed, the message is not re-quarantined. Conversely, if the verdict is different, the message could be sent to another quarantine.

The rationale is to prevent messages from looping back to the quarantine indefinitely. For example, suppose a message is encrypted and therefore sent to the Virus quarantine. If an administrator releases the message, the anti-virus engine will still not be able to decrypt it; however, the message should not be re-quarantined or a loop will be created and the message will never be released from the quarantine. Since the two verdicts are the same, the system bypasses the Virus quarantine the second time.
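
The verdict comparison described above can be modeled in a few lines. This is an added illustration, not code from the user guide or from AsyncOS; the verdict names ("unscannable", "viral", "clean"), the function names, and the rule that a clean rescan is delivered are assumptions made for the example.

```python
# Illustrative model only: verdict names and functions are assumptions,
# not AsyncOS internals.
CLEAN = "clean"


def on_release(previous, current, compare_with_previous=True):
    """Decide what happens to one message when an administrator releases it."""
    if current == CLEAN:
        return "deliver"          # assumption: a clean rescan is simply delivered
    if compare_with_previous and current == previous:
        return "deliver"          # same verdict as last time: bypass the quarantine
    return "requarantine"         # different verdict: may go to a quarantine again


def releases_until_delivered(verdicts, compare_with_previous=True):
    """Replay a message's scan history.

    verdicts[0] is the verdict that first quarantined the message; each later
    entry is the rescan verdict produced by one release. Returns how many
    releases it takes to deliver the message, or None if it is still being
    re-quarantined when the history runs out (the loop the guide describes).
    """
    previous = verdicts[0]
    for count, current in enumerate(verdicts[1:], start=1):
        if on_release(previous, current, compare_with_previous) == "deliver":
            return count
        previous = current
    return None


# Constructed sample histories (not real appliance output).
ENCRYPTED = ["unscannable"] * 6                    # AV can never decrypt it
NEW_SIGNATURE = ["unscannable", "viral", "viral"]  # verdict changes once

if __name__ == "__main__":
    print("encrypted, with comparison:   ", releases_until_delivered(ENCRYPTED))
    print("encrypted, without comparison:", releases_until_delivered(ENCRYPTED, False))
    print("changed verdict:              ", releases_until_delivered(NEW_SIGNATURE))
```

Without the comparison the encrypted message is never delivered, however many times it is released; with it, the first release succeeds, and a message whose verdict changes is held once more before a second release delivers it.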

The Outbreak Quarantine

The Outbreak quarantine is present when a valid Outbreak Filters feature license key has been entered. The Outbreak Filters feature sends messages to the Outbreak quarantine, depending on the threshold set. For more information, see the Outbreak Filters chapter in the online help or user guide for the Email Security appliance.

The Outbreak quarantine functions just like other quarantines—you can search for messages, release or delete messages, and so on.

The Outbreak quarantine has some additional features not available in other quarantines: the Manage by Rule Summary link, the Send to Cisco feature when viewing message details, and the option to sort messages in search results by the Scheduled Exit time.

If the license for the Outbreak Filters feature expires, you will be unable to add more messages to the Outbreak quarantine. Once the messages currently in the quarantine have expired and the Outbreak quarantine becomes empty, it is no longer shown in the Quarantines listing in the GUI.

Rescanning Messages in an Outbreak Quarantine

Messages placed in the Outbreak quarantine are automatically released if newly published rules deem the quarantined message no longer a threat.

If anti-spam and anti-virus are enabled on the appliance, the scanning engines scan every message released from the Outbreak quarantine based on the mail flow policy that applies to the message.

Manage by Rule Summary Link

Click the Manage by Rule Summary link next to the Outbreak quarantine in the quarantine listing to view the Manage by Rule Summary page. You can perform message actions (Release, Delete, Delay Exit) on all of the messages in the quarantine based on which outbreak rule caused the message to be quarantined. This is ideal for clearing out large numbers of messages from the Outbreak quarantine. For more information, see information about the Manage by Rule Summary view in the Outbreak Filters chapter in the online help or user guide for the Email Security appliance.