Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
8-20
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Chapter 8 Centralized Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Message Details and Viewing Message Content
Click on the subject line of a message to view that message’s content and to access the Quarantined
Message page.
Message page.
The Quarantined Message page has two sections: Quarantine Details and Message Details.
From the Quarantined Message page, you can read the message, select a Message Action, or send a copy
of the message,. You can also see if a message will be encrypted upon release from the quarantine due
to the Encrypt on Delivery filter action.
of the message,. You can also see if a message will be encrypted upon release from the quarantine due
to the Encrypt on Delivery filter action.
The Message Details section displays the message body, message headers, and attachments. Only the
first 100 K of the message body is displayed. If the message is longer, the first 100 K is shown, followed
by an ellipsis (...). The actual message is not truncated. This is for display purposes only. You can
download the message body by clicking
first 100 K of the message body is displayed. If the message is longer, the first 100 K is shown, followed
by an ellipsis (...). The actual message is not truncated. This is for display purposes only. You can
download the message body by clicking
[message body]
in the Message Parts section at the bottom of
Message Details. You can also download any of the message’s attachments by clicking the attachment’s
filename.
filename.
If you view a message that contains a virus and you have desktop anti-virus software installed on your
computer, your anti-virus software may complain that it has found a virus. This is not a threat to your
computer and can be safely ignored.
computer, your anti-virus software may complain that it has found a virus. This is not a threat to your
computer and can be safely ignored.
To view additional details about the message, click the Message Tracking link.
Note
For the special Outbreak quarantine, additional functionality is available. See
.
Viewing Matched Content
When you configure a quarantine action for messages that match Attachment Content conditions,
Message Body or Attachment conditions, Message body conditions, or the Attachment content
conditions, you can view the matched content in the quarantined message. When you display the
message body, the matched content is highlighted in yellow, except for DLP policy violation matches.
You can also use the
Message Body or Attachment conditions, Message body conditions, or the Attachment content
conditions, you can view the matched content in the quarantined message. When you display the
message body, the matched content is highlighted in yellow, except for DLP policy violation matches.
You can also use the
$MatchedContent
action variable to include the matched content from message or
content filter matches in the message subject.
If the attachment contains the matched content, the attachment’s contents are displayed, as well as the
reason it was quarantined, whether it was due to a DLP policy violation, content filter condition, message
filter condition, or Image Analysis verdict.
reason it was quarantined, whether it was due to a DLP policy violation, content filter condition, message
filter condition, or Image Analysis verdict.
When you view messages in the local quarantine that have triggered message or content filter rules, the
GUI may display content that did not actually trigger the filter action (along with content that triggered
the filter action). The GUI display should be used as a guideline for locating content matches, but does
not necessarily reflect an exact list of content matches. This occurs because the GUI uses less strict
content matching logic than is used in the filters. This issue applies only to the highlighting in the
message body. The table that lists the matched strings in each part of the message, along with the
associated filter rule, is correct.
GUI may display content that did not actually trigger the filter action (along with content that triggered
the filter action). The GUI display should be used as a guideline for locating content matches, but does
not necessarily reflect an exact list of content matches. This occurs because the GUI uses less strict
content matching logic than is used in the filters. This issue applies only to the highlighting in the
message body. The table that lists the matched strings in each part of the message, along with the
associated filter rule, is correct.