Navigate to Services > Email Services > Anti-Malware.
Click the Malware Release tab
Enter the Pen number of the virus. - The Pen number is found in the malware administrator alert.
Click Search. A pop-up appears with details of the quarantined email.
Locate the required entry, and then click Release on the right.
Read the disclaimer that appears, and then click Release. A confirmation message appears, and the quarantined email is delivered to the intended recipient(s).
Request that Symantec release otherwise unreleasable email
If you cannot release email from a virus pen, you can ask Symantec to release the otherwise unreleasable messages.
Note: Before making your request, ensure that you have read and understand the entirety of this article.
Symantec does not approve and perform every release request. For the safety of others, Symantec is unlikely to release the quarantined message from the virus pen if the message was originally for a domain other than one associated with your organization's account, of if the message has confirmed malware attached.
There are two options:
Symantec can investigate and release the email if it is clean
Virus Pen ID (available in the alert notification)
Tower/Mail Server (available in the alert notification)
Original Intended Recipient
Release Virus to Email Address (if not the same as the Original Intended Recipient)
Email Address ( of the contact signing the release paperwork )
Save your changes, and then attach the file to your support case.
Frequently asked questions (FAQ's)
Q: How does Email Security.cloud behave when it detects a threat within a message?
When Email Security.cloud intercepts a threat in an email, it places the infected email into a holding pen.
Within Email Track and Trace, the Delivered column remains "Not Delivered" and the Service column displays "Anti-Malware".
Within Email Track and Trace, the name of the virus is logged as "Reason" in the Summary of the message.
Email Security.cloud sends a notification from firstname.lastname@example.org to the original recipient and the administrator of the domain protected by Email Security.cloud. This notification has the Subject "Subject: WARNING: Someone tried to send you a potential virus or unauthorized code", and contains the following:
Sending server IP address:
A line similar to the following, which explains where the email message was quarantined:
Email quarantined on mail server server-x.tower-xxx.messagelabs.com (Pen ID xxxxxx_xxxxxxxxxx)
The infected email is stored for up to 30 days before it is deleted. This quarantine period ensures that the virus is isolated and cannot infect the intended recipient's computer.
Q: How many days do items stay in virus pens?
Items stay in virus pens for 30 days.
Q: What conditions cause an item in a virus pen to be unreleasable?
The item contains confirmed malware, such as a mass-mailing virus.
Recipients were BCCs, and not the original recipient address.
The email is an outbound email.
The user doesn't have the correct permissions to be able to release items from quarantine.
Q: In instances where Symantec agrees to manually release a message from a virus pen, what form does the release take?
Once Symantec manually releases a message from a virus pen, the message has the following email characteristics:
Recipient: (an email address at a domain protected by Email Security.cloud which your organization controls)
Subject: *WARNING: INFECTED MESSAGE RELEASED FROM MESSAGELABS*
Imported Document ID: HOWTO109647
Release form for requesting manual release of an email message from Antivirus quarantine