Overview of Policy, Virus, and Outbreak Quarantines
“Policy, virus and outbreak quarantines” includes all non-spam quarantines, including the File Analysis quarantine.
When an Email Security appliance detects possible malware or content that is not allowed by your organization in incoming or outgoing messages, it can send those messages to a quarantine instead of deleting them immediately. A quarantine holds these messages safely on the Email Security appliance or on a Cisco Content Security Management appliance for a period of time, to allow a human being to review them, or to await an update that will better evaluate the safety of the message.
Examples of how non-spam quarantines can be used in your organization:
- Policy enforcement. Let Human Resources personnel or the Legal department review messages that may contain offensive, confidential, or otherwise disallowed information.
- Virus quarantine. Store messages that are marked as infected, encrypted, or not scannable by the anti-virus scanning engine to prevent the spread of viruses to your users.
- Outbreak prevention. Hold messages that are flagged by the Outbreak Filters as possibly being part of a viral outbreak or small-scale malware attack until an anti-virus or anti-spam update is released.
- File Analysis quarantine. Store messages that have attachments that may contain malware, and that have been sent for analysis, until a verdict is reached.