08-24-2020 03:58 AM
I just read through the AsyncOS release notes and stumbled across this:
Prior to this release, if a spam positive message is identified as outbreak positive by Outbreak Filters, the message was sent to Outbreak Quarantine. After you upgrade to this release, if a spam positive message is identified as outbreak positive by Outbreak Filters, the message is not sent to Outbreak Quarantine.
I hope you are not being serious here, Cisco? Messages released from the Spam Quarantine proceed directly to the destination queue, skipping any further work queue processing in the email pipeline. With this change, spam mails that could potentially be harmful outbreaks, phishing attacks etc. will no longer be scanned. End users releasing these mails from their spam quarantine -> disaster waiting to happen.
Please comment, Cisco. Thank you.
08-24-2020 06:25 AM
08-24-2020 07:47 AM - edited 08-24-2020 07:49 AM
Thanks @charella, but I still have an issue with your given example:
* Example: 1st pass through the system = spam positive | TOF positive > final result is spam positive action.
In this case, a positively identified phish would end up in spam. From where it can be released by the end user.
I guess I don't understand how Cisco can mix up all these terms (as per your TOF description: Spam, Phishing, Scam) and treat them equally. A spam is an annoyance, a phish poses a real threat. Yet it's treated the same as spam and can easily end up in a user's mailbox. Sorry for being blunt, but that is pretty bad design, if you ask me.
To make matters worse, according to your documentation, mails released from the spam quarantine are going straight to the delivery queue, skipping the work queue. In other words, released spams are neither checked for viruses again (regardless of how long that mail was kept in the spam quarantine) nor run against outbreak filters again. I would consider this behavior a bug and vulnerability.