backup local quarantines

Greg Howley · ‎02-10-2015

I have noticed that enabling Outbreak filters deletes all email from local quarantines. Is there a way to back these up prior to enabling? We hold some email for up to 30 days in quarantines and some of our users may need access to this email.

Robert Sherwin · ‎02-10-2015

When you say 'local quarantines' - do you have an SMA also in environment?

There is not a way to backup the mail in quarantines, as the appliance is not meant to be used for retention purposes. Unfortunately for the Outbreak Quarantine - that not able to be set for retention periods. The mail that is suspect via VOF is placed in the quarantine and then released based on the VOF rules --- subject to rescan upon release.

For the other quarantines - if you wanted to increase the retention period, you can do so, but just keep in mind that the longer the retention period, the greater chance of increase for reporting and message keeping = increase on performance, especially if you have large message/user base that takes advantage of these quarantines.

-Robert

Cheers,
Robert Sherwin

Greg Howley · ‎02-10-2015

We have some local quarantines based on content filters (ie: we store some things short term in a specific quarantine on the ESA for a Forensics group). Enabling the Centralized quarantine on our SMA for Outbreak Filters deletes all the email in them. I will have to negotiate forwarding the emails to them before enabling Centralized Outbreak quarantine in production.

Ken Stieers · ‎02-10-2015

Greg,

Look into migrating your policy quarantine: Page 188 of this pdf.

http://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma9-0/SMA_9-0_User_Guide.pdf

I specifically beta tested this for its first release...

Ken