delay message and process again

daro
Level 1

Hello,

Is there some way to define an action to delay messages for a certain time period and reprocess them again?

For example: I set a condition, as I would like to forward the message to a special quarantine; that quarantine has a specific time range set in which the message gets scanned again.

Basically something like "I am unsure if this message is malicious, so I will hold it back until a new ruleset of whatever engine (CASE, Outbreak, etc.) arrives", or basically a message filter command to put a message into the Outbreak Filter pipeline.

Any ideas?

Much appreciated.

Thank you.

Best regards

Daniel

Accepted Solutions

Libin Varghese
Cisco Employee

Hi Daniel,

I would recommend enabling the AMP (File Analysis and File Reputation) feature to temporarily quarantine emails with attachments of unknown reputation. The emails are held in the file analysis quarantine for up to 1 hour (can be configured) while the attachment is analysed by the Cisco cloud server.

Please refer to Chapter 17 of the end user guide for information on the working of AMP.

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf

I currently do not see an option to redirect emails to the outbreak quarantine; however, the file analysis quarantine is designed to perform the task you are looking to accomplish.

Also, do note an email released from quarantine is not processed through the entire workqueue again.

• Messages released from Policy and Virus quarantines are rescanned by the anti-virus engine.
• Messages released from the Outbreak quarantine are rescanned by the anti-spam and anti-virus engines.
• Messages released from the File Analysis quarantine are rescanned for threats.
• Messages with attachments are rescanned by the file reputation service upon release from Policy, Virus, and Outbreak quarantines.

Thanks
Libin Varghese
