
Does anyone know the UTM email protection Mail Manager scan order and if it rescans quarantine queues?

Does anyone know the UTM email protection Mail Manager scan order?

A user received a quarantine report which listed an email quarantined as SPAM.  I've seen the quarantine report email and can confirm that the Reason was given as Spam.

They reported to our Service Desk that they didn't want the mail but when our Service Desk opened Mail manager as admin to delete the mail it had been quarantined as Malware (TR/Dropper.VB).

Anyone know why this would be the case?  Does UTM rescan mails in quarantine and move them to different queues?  The mail came in at 14:21 yesterday but the quarantine report went out at 0800 today.

Also to confirm, we only allow users to release Spam, Expression and Other quarantined mails.  Definitely not Malware.

thanks

mark



  • Hi Mark,

    If an email comes out of the quarantine (marked as "Spam", released by user), a virus scan is forced. If there is a virus, the mail goes back to quarantine as "Malware".

    It's a nice feature because the signatures are updated often.

     

    I think there is a description of the scan order in "utm support engineer" handout.

    CS

     

    Sophos Certified Architect (UTM + XG)

  • Thanks for the reply, and cool profile pic.  Can't beat a bit of Lemmy.

    I'm told that it wasn't released and that it appeared to jump queues from Spam to Malware, presumably through automatic reassessment?  I'm waiting to get confirmation about that though.  I'm hoping though that the user did click to release the mail before speaking to Service Desk because that fits your explanation  :)

  • Yes, just had confirmation that the user did in fact try to release the mail before contacting Service Desk, so that's cleared that up.  Thanks for the help :)