Cisco Bug: CSCvi65382 - We want to send a message to quarantine when AMP qualifies it as Malicious
Mar 29, 2018
- Cisco Email Security Appliance
Known Affected Releases
Symptom: We would like to have an option in AMP File Reputation service to send a message to quarantine whenever the attachment is malicious (also after re-scanning by outbreak filters). We cannot to achieve this using content filters. Conditions: We want to send a message to quarantine when AMP qualifies it as Malicious. We are able to achieve this using custom headers and content filters. Hovwever it won't work if we enable "Outbreak filters". Based on Mail Flow diagram from ESA Admin Guide, content filters do not start if message is rescanned after passing retention time (in first scan file disposition is unknown, after rescan - mailcious). So message with mailcious attachment will be delivered.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases