Querying Quarantine Areas

InterScan™ Messaging Security Appliance (IMSA) provides both quarantine and archive areas to store email messages and their attachments. When you select actions for a rule, you can intercept a message and quarantine it or archive it for reference later.

Trend Micro recommends quarantining items that could pose a risk to your network, such as messages and attachments that violate antivirus rules. Before you resend any quarantined message, make sure that it does not pose a threat to your network.

To query quarantine areas:

  1. Choose Mail Areas & Queues > Query from the menu. The Quarantine tab displays by default. If it does not display, click Quarantine.

  2. Under Criteria, configure the following:

  3. Type values for the following:
     

  • Sender

  • Subject

  • Recipient

  • Attachment

  • Rule

  • Message ID

 

When querying an email containing multiple recipients or attachments, type *string* (where string is the name of one of the recipients or attachments).

 

  1. Click Display Log. The results appear at the bottom of the screen showing the timestamp, sender, recipient, subject and reason for quarantining the message.

  2. To change the display, do any of the following:

  3. To view details about any quarantined message, click the timestamp for the item. The Quarantine Query screen appears showing the email message and all of its details.

  4. To resend any message, click the check box next to it in the query result table, and then click Release. Trend Micro does not recommend resending email messages that violated antivirus filters. Doing so could put your network at risk.

  5. To delete any message,  click the check box next to it in the query result table, and then click Delete.

 

IMSA only records and shows names of attachments if you have specified Attachment as a scanning condition. However, if the number of attachment in the email exceeds the maximum number specified in the condition, the attachment name will not be shown.

 

See also: