search cancel

Message with attachment is not delivered and Message Audit Log verdict shows "Suspected virus"


Article ID: 171107


Updated On:


Messaging Gateway


An internal user has sent an outbound message with an attachment, but the message has not been delivered. The Message Audit Logs show delivery information, but the verdict contains "Suspected virus" and the action is "Hold message in Suspect Virus Quarantine."


Symantec Messaging Gateway can quarantine the suspicious messages that might contain viruses, the delivery information will indicate that the message was delivered to the Control Center quarantine at port 41025.

Messages are held in Suspect Virus Quarantine for the period of time that you specify (6 hours by default). Then the messages are released and re-scanned unless you take manual action. This delay provides time for Symantec to release updated virus definitions with which to scan the suspicious attachments.


No action is necessary. The message is automatically released after the configured delay time, and is re-scanned.

If you want to take manual action on the message before the delay time elapses, you can either Release or Delete the message from the Suspect Virus Message Quarantine in the Control Center.

For more information on the Suspect Virus Quarantine, see About quarantining suspected viruses.