Cisco Cisco Web Security Appliance S670 User Guide
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
20-22
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 20 Monitor System Activity Through Logs
Interpreting Access Log Scanning Verdict Entries
10
-
%Xf
A value that McAfee uses as a scan error. Cisco IronPort Customer
Support may use this value when troubleshooting an issue.
Support may use this value when troubleshooting an issue.
Applies to responses detected by McAfee only.
11
-
%Xg
A value that McAfee uses as a detection type. Cisco IronPort
Customer Support may use this value when troubleshooting an
issue.
Customer Support may use this value when troubleshooting an
issue.
Applies to responses detected by McAfee only.
12
-
%Xh
A value that McAfee uses as a virus type. Cisco IronPort Customer
Support may use this value when troubleshooting an issue.
Support may use this value when troubleshooting an issue.
Applies to responses detected by McAfee only.
13
“-”
“%Xj”
The name of the virus that McAfee scanned.
Applies to responses detected by McAfee only.
14
-
%XY
The malware scanning verdict Sophos passed to the DVS engine.
Applies to responses detected by Sophos only.
For more information, see
15
-
%Xx
A value that Sophos uses as a scan return code. Cisco IronPort
Customer Support may use this value when troubleshooting an
issue.
Customer Support may use this value when troubleshooting an
issue.
Applies to responses detected by Sophos only.
16
“-”
“%Xy”
The file location where Sophos found the objectionable content.
For non-archive files, this value is the file name itself. For archive
file, it is the object in the archive, such as
For non-archive files, this value is the file name itself. For archive
file, it is the object in the archive, such as
archive.zip/virus.exe
.
Applies to responses detected by Sophos only.
17
“-”
“%Xz”
A value that Sophos uses as the threat name. Cisco IronPort
Customer Support may use this value when troubleshooting an
issue.
Customer Support may use this value when troubleshooting an
issue.
Applies to responses detected by Sophos only.
18
-
%Xl
The Cisco IronPort Data Security scan verdict based on the action
in the Content column of the Cisco IronPort Data Security Policy.
in the Content column of the Cisco IronPort Data Security Policy.
The following list describes the possible values for this field:
•
0. Allow
•
1. Block
•
- (hyphen). No scanning was initiated by the Cisco IronPort
Data Security Filters. This value appears when the Cisco
IronPort Data Security Filters is disabled or when the URL
category action is set to Allow.
Data Security Filters. This value appears when the Cisco
IronPort Data Security Filters is disabled or when the URL
category action is set to Allow.
Position
Field Value
Format Specifier Description