New here and new to Ironport. Using C360 with ASynchOS 7.0. I have a few questions I hope you can point me in the right direction....
1. Is it recommended to allow users quarantine access to release mails held in for example, encrypted or image analysis quarantines? My organisation is about 1000 users over 2 locations, and my boss thinks this could be a good idea - I don't Does this functionality require an LDAP server in place to work with AD?
2. Is there any metrics anywhere that might indicate the expected overhead (if any) on incoming emails with Image Analysis turned on. Boxes in live without Image Analysis are running at only 3 % approx
Appreciate any replies or advice in advance
We don't use any self-service as yet so I can't advise on that. There might be a log term that you could search for in order to list all self-service releases from a particular quarantine, but obviously my logs won't contain it.
If it was previously acceptable to block all graphic attachments, why not strip them instead? This isn't as straightforward as it might seem when you take into account ambiguous formats such as PDF. PPS? - we just reject them with our "can't read your multimedia" notification, as the ratio of even slightly relevant presentations to jokes appears to be in excess of 500:1. YMMV.
I don't know about encrypted connections but we do take a harsh line on encrypted content; if the AV can't scan it then again the message is rejected with a notification. Our quick and dirty solution for those late-working senior staff is based around the premise that they are mostly dealing with legal firms with better protection than our own; once we've established that, we add the firm's domain to a "trusted" policy so that anything other than a positive virus will be delivered; an actual virus naturally sends us a notice rather being dropped as would be the case with any other sender. I don't recommend this if you have any concern that someone might guess and forge mail from one of your trusted senders.
Notifications? - I roll my own. I'm sure we all know the basic principles, but for any group members that don't: keep it brief, formal, polite and as simple as possible. Sign it so it's plain that it's an automated system that's replying. Weigh up the chances of creating backscatter against the opportunity of steering your hapless sender in a useful direction, whilst making less work for yourself. Always strip out everything that would make you valuable as a relay.