5.17. Quarantine reports

Overview

Quarantine reports are intended to lower the load on Email Gateway Security operations by delegating certain quarantine related tasks to the recipient of the quarantined item.

Example

Based on permissions, certain groups at an organization may be authorized to release the original copy of their quarantined email.

Workflow

Quarantine reports work the following way:

  1. At the configured time Email Gateway Security sends a report email to the configured recipients (administrator reports) or the recipient of the quarantined email (user reports).
    For details see 4.13. Quarantine reports.
    images/download/attachments/8464780/image-20210428-081858.png

  2. Clicking the actions link takes the user to Email Gateway Security’s quarantine actions page.
    images/download/attachments/8464780/image-20210428-082027.png

  3. Based on the report type and the permissions set in the report, different functions may be available in the quarantine actions page.

Supported functions

Quarantine reports and the quarantine actions page currently support the following functions on quarantined emails:

  • Rescan quarantined email

  • Delete quarantined email

  • Deliver quarantined email

Rescan quarantined email

This action initiates a rescan of the email.

If the rescan result is allowed this time, then the email is processed and delivered according to the security rules applied to the email.

Rationale

The rationale of this action is to process the email with updated scan engines that may not block the contents any more.

images/download/attachments/8464780/image-20210428-082424.png

Delete quarantined email

This action deletes the email from the quarantine.

Automatic quarantine cleanup

Please note that Email Gateway Security can automatically clean-up the quarantine, so there is no need for manual cleanup of quarantined emails.

Automatic clean up of the quarantine can be configured under Settings > Data retention / Quarantine cleanup schedule.

images/download/attachments/8464780/image-20210428-082456.png

Deliver quarantined email

Delivers the original, potentially malicious copy of the email from quarantine.

Risk of malicious content

The original copy delivered from the quarantine may include malicious contents.

Depending on the quarantine report type all original recipients (administrator reports) or only the report recipient (user reports) will receive the original copy.

For details see 4.13. Quarantine reports.

images/download/attachments/8464780/image-20210428-082528.png

Notes

Actions link expiry time

Link expiry time for Actions links in user type reports actions can be set in General > General / Rescan link availability.

Administrator reports links do not expire.

Risks of malware outbreak

Users can release potentially malicious emails from the quarantine using Deliver quarantined email action.

Action availability period

If the report allows a user action when at the time of sending the report, then the user can take the action until the link expires.

There is no way to recall an action until the Actions link expires.