A system, method and computer program product are provided for network-based scanning for potentially malicious content. Incoming and/or outgoing network communications traveling over a network are monitored, preferably at a gateway. Potentially malicious content in the network communications is identified. The identified potentially malicious content of the network communications is quarantined to help prevent damage that could be caused if the content is indeed malicious. In one embodiment, a pattern for testing the potentially malicious content network communications for malicious code can be executed. The network communications are conditionally delivered over the network based on the testing. In other embodiments, the network communications are delivered over the network after a predetermined delay and/or upon receiving a user request to release the suspect content from quarantine.