Guest

Preview Tool

Cisco Bug: CSCvi65382 - We want to send a message to quarantine when AMP qualifies it as Malicious

Last Modified

Mar 29, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

11.0.0-264

Description (partial)

Symptom:
We would like to have an option in AMP File Reputation service to send a message to quarantine whenever the attachment is malicious (also after re-scanning by outbreak filters). We cannot to achieve this using content filters.

Conditions:
We want to send a message to quarantine when AMP qualifies it as Malicious. We are able to achieve this using custom headers and content filters. Hovwever it won't work if we enable "Outbreak filters". Based on Mail Flow diagram from ESA Admin Guide, content filters do not start if message is rescanned after passing retention time (in first scan file disposition is unknown, after rescan - mailcious). So message with mailcious attachment will be delivered.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.