Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
0
Helpful
1
Replies

Virus Outbreak Filter basics

Lynn Albitz
Level 1
Level 1

‎06-23-2011 12:33 PM

We just implemented a pilot of the Virus Outbreak Filters.  How can you track items that were caught and released by the outbreak filters?  Once they are out of the quarantines, I can't seem to find the message details. I can see reports with numbers but not specifics.  Thanks.

Labels:
0 Helpful
1 Reply 1

Christopher Smith
Level 4
Level 4

‎06-23-2011 01:21 PM

Hi Lynn,

You can track information related to these messages via the mail logs on your appliance. When a message is tagged for VOF quarantine you will see something similar to this.

"Message quarantined in the Outbreak quarantine as a result of rule 'ADAPTIVE_RULE".

When the message is released you would see something similar to this.

released from quarantine Outbreak after XXXXXXX seconds. Reason: expiration

where XXXXXXX is a numeric value in seconds. If the message is manually release of course the Reason code would state that.

In both cases you should see a MID for the message which you can use to search for specifics,

example.com> grep

Currently configured logs:

16. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll

Enter the number of the log you wish to grep.
[]> 16

Enter the regular expression to grep.
[]> MID 565566

Do you want this search to be case insensitive? [Y]>

Do you want to tail the logs? [N]>

Do you want to paginate the output? [N]>

Christopher C Smith
CSE
Cisco IronPort Customer Support 

0 Helpful
Customers Also Viewed These Support Documents