Cisco Email Security Appliance C190 Operating Instructions
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 13 SenderBase Network Participation
explain a sample log entry in a “human-friendly” format.
Table 13-1 Statistics Shared Per Cisco IronPort Appliance

| Item | Sample Data |
|---|---|
| MGA Identifier | MGA 10012 |
| Timestamp | Data from 8 AM to 8:05 AM on July 1, 2005 |
| Software Version Numbers | MGA Version 4.7.0 |
| Rule Set Version Numbers | Anti-Spam Rule Set 102 |
| Anti-virus Update Interval | Updates every 10 minutes |
| Quarantine Size | 500 MB |
| Quarantine Message Count | 50 messages currently in quarantine |
| Virus Score Threshold | Send messages to quarantine at threat level 3 or higher |
| Sum of Virus Scores for messages entering quarantine | 120 |
| Count of messages entering quarantine | 30 (yields average score of 4) |
| Maximum quarantine time | 12 hours |
| Count of Outbreak quarantine messages broken down by why they entered and exited quarantine, correlated with Anti-Virus result | 50 entering quarantine due to .exe rule; 30 leaving quarantine due to manual release, and all 30 were virus positive |
| Count of Outbreak quarantine messages broken down by what action was taken upon leaving quarantine | 10 messages had attachments stripped after leaving quarantine |
| Sum of time messages were held in quarantine | 20 hours |

Table 13-2 Statistics Shared Per IP Address

| Item | Sample Data |
|---|---|
| Message count at various stages within the appliance | Seen by Anti-Virus engine: 100; Seen by Anti-Spam engine: 80 |
| Sum of Anti-Spam and Anti-Virus scores and verdicts | 2,000 (sum of anti-spam scores for all messages seen) |
| Number of messages hitting different Anti-Spam and Anti-Virus rule combinations | 100 messages hit rules A and B; 50 messages hit rule A only |
| Number of Connections | 20 SMTP Connections |
| Number of Total and Invalid Recipients | 50 total recipients; 10 invalid recipients |
| Hashed Filename(s): (a) | A file <one-way-hash>.pif was found inside an archive attachment called <one-way-hash>.zip. |
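
The "Hashed Filename(s)" row of Table 13-2 can be reproduced with the following added example, which is not code from the guide or from the appliance. It assumes SHA-256 over the base name (the guide does not name the hash function), and the function names and sample filenames are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath


def hashed_name(filename: str) -> str:
    """Replace the base name with a one-way hash, keeping only the extension."""
    path = PurePosixPath(filename)  # any directory part of the name is dropped
    # Assumption: SHA-256 over the UTF-8 base name; the guide does not name the hash.
    digest = hashlib.sha256(path.stem.encode("utf-8")).hexdigest()
    return digest + path.suffix.lower()


def describe_attachment(name: str, data: bytes) -> list[str]:
    """Return report lines for one attachment, looking inside zip archives."""
    outer = hashed_name(name)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [f"A file {outer} was found."]
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        # Skip directory entries; only member files are reported.
        members = [m for m in archive.namelist() if not m.endswith("/")]
    return [
        f"A file {hashed_name(member)} was found inside an archive "
        f"attachment called {outer}."
        for member in members
    ]


def build_sample_zip() -> bytes:
    """Constructed sample: a zip holding one harmless payload named like a .pif."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("quarterly-salaries.pif", b"constructed sample content")
    return buffer.getvalue()


if __name__ == "__main__":
    for line in describe_attachment("invoice-for-alice.zip", build_sample_zip()):
        print(line)
```

Only the extension and the archive nesting remain readable in the output. In this sketch the hash is unsalted, so a short or predictable filename can still be matched against a list of candidate names.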