Lesson 13

Using System Quarantines and

Delivery Methods
Overview
This lesson describes how to use system quarantines and delivery methods.

Objectives
Upon completing this lesson, you will be able to use system quarantines and delivery methods.
This ability includes being able to meet these objectives:
Describe quarantine types and how to create and manage quarantines
Configure and assign bounce profiles
Set delivery limits
Create virtual gateways
Understand the benefits of centralized policy, virus, and outbreak quarantines
Quarantine Overview
This topic provides an overview of quarantines.

System quarantines are ideal for these purposes:

Policy enforcement: Have human resources or the legal department review messages that
contain offensive or confidential information before delivering the messages.
Virus quarantine: Store messages marked as not scannable (or encrypted, infected, and so on)
by the antivirus scanning engine.
Outbreak filters quarantine: Hold messages flagged by the outbreak filters feature until a
virus update is released.
Spam quarantine: Spam quarantine is a special kind of quarantine that is used to hold spam or
suspected spam messages for end users. End users are mail users, outside of Cisco AsyncOS.
You can have a local spam quarantine stored on the Cisco appliance.
Mbox Log Files: You can archive messages that the system has identified as containing or
possibly containing viruses to the avarchive directory. The format is an mbox-format log file.
You must configure an antivirus archive log subscription to archive messages with viruses or
messages that could not be completely scanned. The mbox format is a standard UNIX mailbox
format.
When a Cisco Email Security Appliance (ESA) detects possible spam, malware, or content that is
not allowed by your organization in incoming or outgoing messages, the Cisco ESA can send those
messages to a quarantine instead of deleting the messages immediately. A quarantine holds the
messages safely on the Cisco ESA or a Cisco Content Security Management Appliance (SMA) for
a time, to allow a human being to review the messages or to await an update that will better
evaluate the safety of the message.
 Message filter actions (and content filter actions) can quarantine to these locations:
Mbox format mailboxes stored on the appliance: Administrators can retrieve and manipulate
data using FTP.
Policy system quarantines: Administrators can view, test for viruses, release,