Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
2
Replies

About different Quarantines in SMA

REJR77
Level 1
Level 1

‎12-16-2016 07:57 AM

Hello,

I have noticed that an email can be sent to several Quarantines.

For example, the message can be stored in VOF quarantine, and Policy Quarantine.

How is handled the message when we release the message from one quarantine? Is it also released from the other quarantine?

Regards

Labels:
0 Helpful
2 Replies 2

Libin Varghese
Cisco Employee
Cisco Employee

‎12-16-2016 10:33 AM

Hi Romain,

A message can end up in more than one quarantine for a variety of reasons. For example, if there is a filter created to quarantine emails that may contain offensive material to the "Policy" quarantine and a message is received which matches that filter and has an encrypted attachment that cannot be scanned for viruses, this email will end up in both the "Virus" and the "Policy" quarantine.

Note: The policies governing messages that reside in multiple quarantines are "conservative" in that they do not allow a message to be delivered from a quarantine, unless that message has been released from all of the quarantines in which it resides.

Although an email deleted from one of the quarantines would still display the email in the second quarantine, however it cannot be released as its actually a single message.

For example
17 Mar 2016 03:09:16 (GMT +04:00) Message 3738210 quarantined to Policy. Content filter AttachmentFilter.
17 Mar 2016 03:09:16 (GMT +04:00) Message 3738210 quarantined to Virus. Anti-Virus verdict ENCRYPTED.
27 Mar 2016 03:13:19 (GMT +04:00) Message 3738210 deleted from quarantine Policy after 864243 seconds. Reason: expiration.
28 Mar 2016 09:00:11 (GMT +04:00) Message 3738210 released from quarantine Virus after 971455 seconds. Reason: manually released.
28 Mar 2016 09:00:11 (GMT +04:00) Message 3738210 deleted from all quarantines.

Policy, Virus, and Outbreak quarantines (System quarantines) share a single pool of disk space, the size of which depends on the hardware model. Messages in multiple quarantines consume the same amount of disk space as a message in a single quarantine.

Regards,
Libin

0 Helpful

syeda3
Level 1
Level 1

‎01-24-2017 06:48 AM

Please see the below url for Best Practices Guide on Centralized Policy, Virus and Outbreak Quarantines Setup.

http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118461-technote-esa-00.html

Hope to help.

0 Helpful
Customers Also Viewed These Support Documents