Google Message Security for Google Apps Administration Guide User Manual

186

Message Security for Google Apps Administration Guide

Messages are held in the Early-Detection Quarantine for 8 hours to allow time for
virus-definition files to be updated, and then those messages are scanned again
for viruses based on the updated definitions. Those messages are then disposed
of according to your Virus Blocking settings.

Administrators and users who have access to the Pending tab in Message Center
can see messages in the Early-Detection Quarantine.

If you don’t provide access to Message Center (for example, to prevent users
from forwarding possible viruses from the Pending tab), you can view these
messages in your own administrative quarantine by using the Early Detection
(Pending) filter. For information about viewing your administrative quarantine, see
“Access a Quarantine” on page 75.

Headers for messages in the Early-Detection Quarantine include the following
line:

X-pstn-neptune-cave-rslt: pbox

Early-Detection Filtering is targeted to the following situations:

•

You want to let executable files pass through your email system. You can
configure Attachment Manager to let executable files through, and have Early-
Detection Filtering examine those files for viruses. Files that are virus infected
are disposed of per your Virus Blocking settings, and clean files are allowed
through to their destinations.

•

Implementations of the message security system that do not include
Attachment Manager. In this case, you can use Early-Detection Filtering to
scan messages for harmful attachments.

•

Low-volume or target-specific attacks (for example, if a small number of your
users are the subject of an attack by messages with virus payloads).