IronPort - daily management guide - AsyncOS 7.6.1
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Quarantines Overview<br />
System Quarantines<br />
4-2<br />
Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> 7.6 for Email Daily Management Guide<br />
Chapter 4 Quarantines<br />
Typically, messages are placed in system quarantines due to a filter action. Additionally, the Outbreak<br />
Filters feature quarantines suspicious messages in the Outbreak quarantine, specifically. System<br />
quarantines are configured to process messages automatically—messages are either delivered or deleted<br />
based on the configuration settings (for more information, see System Quarantine Settings, page 4-3) set<br />
for the quarantine(s) in which the message is placed. In addition to the automated process, designated<br />
users (such as your mail administrator, Human Resources personnel, Legal department, etc.) can review<br />
the contents of the quarantines and then either release, delete, or send a copy of each message. Released<br />
messages are scanned for viruses (assuming that anti-virus is enabled for that particular mail policy).<br />
System Quarantines are ideal for:<br />
Policy Enforcement - have Human Resources or the Legal department review messages that contain<br />
offensive or confidential information before delivering them.<br />
Virus quarantine - store messages marked as not scannable (or encrypted, infected, etc.) by the<br />
anti-virus scanning engine.<br />
Providing a foundation for the Outbreak Filters feature - hold messages flagged by the Outbreak<br />
Filters feature until a anti-virus or anti-spam update is released. For more information about the<br />
Outbreak Filters feature, see the “Outbreak Filters” chapter in the Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> for Email<br />
Configuration Guide.<br />
Your Cisco <strong>IronPort</strong> appliance can have several pre-configured quarantines, depending on features<br />
licensed; however, the Policy quarantine is created by default, regardless of license.<br />
Outbreak, a quarantine used by the Outbreak Filters feature created when the Outbreak Filters<br />
feature license key is enabled.<br />
Virus, a quarantine used by the anti-virus engine, created when the anti-virus license key is enabled.<br />
Policy, a default quarantine (for example, use this to store messages requiring review).<br />
For details on how to add, modify, or delete additional quarantines, see Managing System Quarantines<br />
via the Graphical User Interface (GUI), page 4-3.<br />
Access and interact with system quarantines via the Graphical User Interface (GUI) or the Command<br />
Line Interface (CLI) via the quarantineconfig command.<br />
Note The Command Line Interface (CLI) for system quarantines contains a subset of the functionality found<br />
in the GUI (see the Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> CLI Reference Guide).<br />
Cisco <strong>IronPort</strong> Spam Quarantines<br />
<strong>AsyncOS</strong> can be configured to send both spam and suspected spam to a Cisco <strong>IronPort</strong> Spam quarantine.<br />
You can also configure the system to send a notification email to users, informing them of quarantined<br />
spam and suspected spam messages. This notification contains a summary of the messages currently in<br />
the Cisco <strong>IronPort</strong> Spam quarantine for that user. The user may view the messages and decide whether<br />
to have them delivered to their inbox or delete them. Users can also search through their quarantined<br />
messages. Users can access the quarantine via the notification or directly via a web browser (this requires<br />
authentication, see Configuring End User Quarantine Access, page 4-24).<br />
OL-25138-01