Cisco Cisco Web Security Appliance S670 User Guide

10

-

%Xf

A value that McAfee uses as a scan error. Cisco IronPort Customer 
Support may use this value when troubleshooting an issue.

Applies to responses detected by McAfee only.

11

-

%Xg

A value that McAfee uses as a detection type. Cisco IronPort 
Customer Support may use this value when troubleshooting an 
issue.

Applies to responses detected by McAfee only.

12

-

%Xh

A value that McAfee uses as a virus type. Cisco IronPort Customer 
Support may use this value when troubleshooting an issue.

Applies to responses detected by McAfee only.

13

“-”

“%Xj”

The name of the virus that McAfee scanned. 

Applies to responses detected by McAfee only.

14

-

%XY

The malware scanning verdict Sophos passed to the DVS engine.

Applies to responses detected by Sophos only.

For more information, see 

15

-

%Xx

A value that Sophos uses as a scan return code. Cisco IronPort 
Customer Support may use this value when troubleshooting an 
issue.

Applies to responses detected by Sophos only.

16

“-”

“%Xy”

The file location where Sophos found the objectionable content. 
For non-archive files, this value is the file name itself. For archive 
file, it is the object in the archive, such as 

archive.zip/virus.exe

.

Applies to responses detected by Sophos only.

17

“-”

“%Xz”

A value that Sophos uses as the threat name. Cisco IronPort 
Customer Support may use this value when troubleshooting an 
issue.

Applies to responses detected by Sophos only.

18

-

%Xl

The Cisco IronPort Data Security scan verdict based on the action 
in the Content column of the Cisco IronPort Data Security Policy. 

The following list describes the possible values for this field:

0. Allow

1. Block

- (hyphen). No scanning was initiated by the Cisco IronPort 
Data Security Filters. This value appears when the Cisco 
IronPort Data Security Filters is disabled or when the URL 
category action is set to Allow.