PHISHING email detected and quarantine BUT released after 53 minutes because of a BUG with NO FIX = CSCur12773 - VOF dynamic timer is not dynamic

dukebox
Level 1

Symptom:
End-customers are receiving live, non-viral threat messages even though the ESA and VOF had caught, flagged, and quarantined them. When the messages are originally received, they are identified and quarantined as configured. At the 53-minute mark, messages are released from quarantine, re-processed, and delivered to the end user, regardless of the threat component of the message. Messages arrive at the end user with the threat component still valid; the email is just delayed.

Conditions:
VOF configured and active on inbound mail policy. Emails are being caught and tagged VOF (non-viral) threat positive, then sent to quarantine. After the dynamic timer is hit - 53 minutes - the message is released from quarantine for "expiration" and released directly to the end user, even if there is not an updated or associated IPAS rule in place.

It appears many phishing emails caught by the antispam are being released from quarantine to end users... to me this is as bad as malware, as credential phishing is supposed to be prevented, as it is being used by hackers to attack (like the SamSam targeted attack).

Why isn't Cisco prioritizing this fix? Antispam is supposed to be malware and phishing prevention!!

I have escalated my case for this fix!! If you experience the same issue, please do so as well to push CISCO to fix this ASAP!!! That is a huge flaw that poses a risk to our users!
