AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

CHAPTER 30
Policy, Virus, and Outbreak Quarantines
Overview of Policy, Virus, and Outbreak Quarantines
Managing Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines

Overview of Policy, Virus, and Outbreak Quarantines
“Policy, virus and outbreak quarantines” includes all non-spam quarantines, including the File Analysis
quarantine.
When an Email Security appliance detects possible malware or content that is not allowed by your
organization in incoming or outgoing messages, it can send those messages to a quarantine instead of
deleting them immediately. A quarantine holds these messages safely on the Email Security appliance
or on a Cisco Content Security Management appliance for a period of time, to allow a human being to
review them, or to await an update that will better evaluate the safety of the message.
Examples of how non-spam quarantines can be used in your organization:
• Policy enforcement. Let Human Resources personnel or the Legal department review messages that
  may contain offensive, confidential, or otherwise disallowed information.
• Virus quarantine. Store messages that are marked as infected, encrypted, or not scannable by the
  anti-virus scanning engine to prevent the spread of viruses to your users.
• Outbreak prevention. Hold messages that are flagged by the Outbreak Filters as possibly being part
  of a viral outbreak or small-scale malware attack until an anti-virus or anti-spam update is released.
• File Analysis quarantine. Store messages that have attachments that may contain malware, and that
  have been sent for analysis, until a verdict is reached.
Related Topics
• Quarantine Types
• Chapter 31, “Spam Quarantine”