4.3 Quarantine
Quarantine is the safe storage for emails which were blocked or sanitized by MetaDefender Email Gateway Security.
For details about quarantine configuration see 3.6 Quarantine configuration.
The machine hosting the quarantine is safe from infections as long as items in the quarantine are not opened or executed.
Quarantine
The quarantine can be accessed under Quarantine in the Web Management Console.
Quarantine moved
Starting with MetaDefender Email Gateway Security version 4.7.0, the former Dashboard > Quarantine entry has been moved to the root level Quarantine menu entry.
Safety
Unless the malicious contents are opened or executed, the quarantine does not expose the hosting machine to risk.
Care must be taken when granting access to the quarantine as releasing or forwarding the items from the quarantine might cause harm.
Quarantining conditions
Blocked emails
If
-
the email's body and/or any of its attachments is blocked by MetaDefender Core and
-
the email matched by a security rule on MetaDefender Email Gateway Security that marks blocked emails to be quarantined,
then the original message is kept in the quarantine.
Sanitized emails
If
-
the email's body and/or any of its attachments is sanitized by MetaDefender Core and
-
the email is matched by a security rule on MetaDefender Email Gateway Security that marks sanitized items to be quarantined,
then the original message is kept in the quarantine.
Quarantine operations
Once an email is in quarantine, the following operations can be executed on it:
-
Download
-
Release
-
Forward
-
Pin
-
Delete
-
View details
Bulk operations
Use the checkbox in front of each row to select elements (or use the checkbox in the header row to select all visible items).
Only visible elements can be selected. Elements that are not visible (due to pagination, search or filtering) are not selected even by the select all checkbox.
Download
Download the selected original emails from the quarantine to the local hard drive.
The format of the downloaded emails is zipped MIME (.eml).
File naming
|
Component |
File name |
Extension |
|
Archive package |
EmailSecurity-Quarantine-<year>-<month>-<day>-<hour>-<minute>-<second> |
.zip |
|
Email file |
<subject>_<unique ID> |
.eml |
Release
Release the selected original emails from the quarantine and send them to the original recipients. The original emails are removed from the quarantine.
The recipients will receive the (potentially) malicious contents.
For this function to work correctly SMTP SERVER must be set under Notification and report settings on the Settings > Global settings tab. For details see 3.4 General settings.
Quarantining puts the original email into the quarantine and sends a notification or a disinfected/sanitized copy to the original recipient. As a result, releasing from the quarantine virtually duplicates the history entry for the quarantined email.
These duplicates are marked with a 
(paper plane) icon in front of the RECIPIENT(S) in Audit > Email history:
Forward
Send the selected original emails to additional recipient(s) (for investigation purposes, for example). The original emails remain in the quarantine.
The recipient(s) will receive the (potentially) malicious contents.
For this function to work correctly SMTP SERVER must be set under Notification and report settings on the Settings > Global settings tab. For details see 3.4 General settings.
Quarantining puts the original email into the quarantine and sends a notification or a disinfected/sanitized copy to the original recipient. As a result, forwarding from the quarantine virtually duplicates the history entry for the quarantined email.
These duplicates are marked with a 
(forward) icon in front of the RECIPIENT(S) in Audit > Email history:
Pin
Pinning prevents cleaning up an email from the quarantine by the manual or automatic clean-up mechanism. For details about automatic clean-up see the Data retention section in 3.4 General settings.
You can pin multiple emails simultaneously however unpinning an email is possible only per email. For unpinning you should click on the email and uncheck the checkbox next to Pinned.
Delete
Delete the original email from the quarantine.
Deleted emails can not be recovered.
Rescan
MetaDefender Email Gateway Security provides the capability to rescan emails that were previously blocked and ended up in the quarantine. After a rescan the email may be allowed and delivered normally. Some of the reasons why emails may be rescanned:
-
To process the email with updated scan engines that may not block the contents,
-
To process the email with an alternative rule that may give different results,
-
To sanitize a blocked email before releasing
-
-
To provide password for encrypted attachments and process the decrypted contents.
Select alternative rule for the rescan
Provide password for encrypted attachments
For further details see 4.7 Support for password protected attachments.
View details
Display:
-
The same details about the email as in Audit > Email history / Email details (see 4.4 Email history),
-
The raw email contents:
-
Email headers
-
Attachments
-
Content-Type
-
Filename
-
-
Raw email body
-
Quarantine reports
MetaDefender Email Gateway Security can be configured to periodically send report emails about the quarantine status.
To set up quarantine reports see 3.6 Quarantine configuration.
For this function to work correctly SMTP SERVER must be set under Notification and report settings on the Settings > Global settings tab. For details see 3.4 General settings.
A quarantine report email looks like the one below.
