Cisco Cisco Web Security Appliance S670 User Guide
Chapter 24 Logging
Access Log File
24-30
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Understanding Scanning Verdict Information
The access log file entries aggregate and display the results of the various
scanning engines, such as URL filtering, Web Reputation filtering, and
anti-malware scanning. The appliance displays this information in angled
brackets at the end of each access log entry.
scanning engines, such as URL filtering, Web Reputation filtering, and
anti-malware scanning. The appliance displays this information in angled
brackets at the end of each access log entry.
The following text is the scanning verdict information from an access log file
entry. In this example, the Webroot scanning engine found the malware:
entry. In this example, the Webroot scanning engine found the malware:
Note
For an example of a whole access log file entry, see
describes the different fields in the scanning verdict information
section of each access log file entry.
<IW_infr,ns,"Trojan Phisher","Trojan-Phisher-Gamec",0,354385,12559,
"-","-",-,-,-,"-","-","-","-","-",-,-,IW_infr,-,"Trojan
Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-">
Table 24-8
Access Log File Entry — Scanning Verdict Information
Field Value
Description
IW_infr
The URL category assigned to the transaction, abbreviated. This field shows
“nc” when no category is assigned.
“nc” when no category is assigned.
For a list of URL category abbreviations, see
ns
Web Reputation filters score. This field either shows the score as a number,
“ns” for “no score,” or “dns” when there is a DNS lookup error.
“ns” for “no score,” or “dns” when there is a DNS lookup error.
Trojan Phisher
The malware scanning verdict Webroot passed to the DVS engine.
Applies to responses detected by Webroot only.
For more information, see
Trojan-Phisher-Gamec
Name of the spyware that is associated with the object.
Applies to responses detected by Webroot only.