Querying Archive Areas

InterScan™ Messaging Security Appliance (IMSA) provides both quarantine and archive areas to store email messages and their attachments. When you select actions for a rule, you can intercept a message and quarantine it or archive it for reference later.

Trend Micro recommends archiving only items that you want to reference later. You should quarantine items that could pose a threat to your network, such as email messages and attachments that violated an antivirus rule.

To query archive areas:

  1. Choose Mail Areas & Queues > Query from the menu. The Quarantine tab displays by default.

  2. Click the Archive tab.

  3. Under Criteria, configure the following:

  4. Type values for the following:
     

  • Sender

  • Subject

  • Recipient

  • Attachment

  • Rule

  • Message ID

 

When querying an email containing multiple recipients or attachments, type *string* (where string is the name of one of the recipients or attachments).

 

  1. Click Display Log. The results appear at the bottom of the screen showing the timestamp, sender, recipient, subject and reason for archiving the message.

  2. To change the display, do any of the following:

  3. To view details about any archived message, click the timestamp for the item. The Archive Query screen appears showing the email message and all of its details.

  4. To delete any message, click the check box next to it in the query result table, and then click Delete.

 

IMSA only records and shows names of attachments if you have specified Attachment as a scanning condition. However, if the number of attachment in the email exceeds the maximum number specified in the condition, the attachment name will not be shown.

 

See also: