
Virus Outbreak Filter basics

Lynn Albitz
Level 1

We just implemented a pilot of the Virus Outbreak Filters.  How can you track items that were caught and released by the outbreak filters?  Once they are out of the quarantines, I can't seem to find the message details. I can see reports with numbers but not specifics.  Thanks.

1 Reply

Hi Lynn,

You can track information related to these messages via the mail logs on your appliance. When a message is tagged for VOF quarantine you will see something similar to this.

"Message quarantined in the Outbreak quarantine as a result of rule 'ADAPTIVE_RULE".

When the message is released you would see something similar to this.

released from quarantine Outbreak after XXXXXXX seconds. Reason: expiration

where XXXXXXX is a numeric value in seconds. If the message is manually released, of course, the Reason code would state that.

In both cases you should see a MID for the message, which you can use to search for specifics:

example.com> grep

Currently configured logs:

16. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: FTP Poll

Enter the number of the log you wish to grep.
[]> 16

Enter the regular expression to grep.
[]> MID 565566

Do you want this search to be case insensitive? [Y]>

Do you want to tail the logs? [N]>

Do you want to paginate the output? [N]>

Christopher C Smith
CSE
Cisco IronPort Customer Support 
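
The correlation described in the reply above, as an added example that is not part of the original post or any Cisco tooling: it pairs each Outbreak quarantine entry with its release entry by MID in a mail_logs file retrieved from the appliance. The sample lines are constructed, and their timestamp and "Info:" prefix are an assumed layout; only the phrases quoted in the reply are matched.

```python
import re

# Only the phrases quoted in the reply are matched; the rest of each line is ignored.
MID_RE = re.compile(r"\bMID (\d+)\b")
QUARANTINED_RE = re.compile(
    r"quarantined in the Outbreak quarantine as a result of rule '([^'\"]+)")
RELEASED_RE = re.compile(
    r"released from quarantine Outbreak after (\d+) seconds\. Reason: (.+?)\s*$")

# Constructed sample lines, not real appliance output.
# Assumption: each line carries a timestamp and "Info:" prefix before the MID.
SAMPLE_LOG = """\
Mon Jan  1 10:00:00 2007 Info: MID 565566 Message quarantined in the Outbreak quarantine as a result of rule 'ADAPTIVE_RULE'
Mon Jan  1 10:05:00 2007 Info: MID 565570 Message quarantined in the Outbreak quarantine as a result of rule 'ADAPTIVE_RULE'
Mon Jan  1 10:06:00 2007 Info: MID 565571 ready 2048 bytes
Mon Jan  1 14:00:00 2007 Info: MID 565566 released from quarantine Outbreak after 14400 seconds. Reason: expiration
"""

def outbreak_history(lines):
    """Map each MID seen in an Outbreak event to its rule, hold time and release reason."""
    history = {}
    for line in lines:
        mid = MID_RE.search(line)
        caught = QUARANTINED_RE.search(line)
        freed = RELEASED_RE.search(line)
        if not mid or not (caught or freed):
            continue  # unrelated log line
        entry = history.setdefault(
            int(mid.group(1)), {"rule": None, "held_seconds": None, "reason": None})
        if caught:
            entry["rule"] = caught.group(1)
        if freed:
            entry["held_seconds"] = int(freed.group(1))
            entry["reason"] = freed.group(2)
    return history

def still_quarantined(history):
    """MIDs with a quarantine entry but no release entry in the lines examined."""
    return sorted(m for m, e in history.items() if e["rule"] and e["reason"] is None)

if __name__ == "__main__":
    history = outbreak_history(SAMPLE_LOG.splitlines())
    for mid, event in sorted(history.items()):
        print(mid, event)
    print("still held:", still_quarantined(history))
```

Each MID it reports can then be fed to the grep command shown in the reply to pull the full message details.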
