Cisco Web Security Appliance S160 User Guide
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Log File Fields and Tags
| Format Specifier in Access Logs | Log Field in W3C Logs | Description |
|---|---|---|
| %X#3# | x-amp-score | Reputation score from Advanced Malware Protection file scanning. This score is used only if the cloud reputation service is unable to determine a clear verdict for the file. For details, see information about the Threat Score and the reputation threshold in |
| %X#4# | x-amp-upload | Indicator of upload and analysis request: “0” indicates that Advanced Malware Protection did not request upload of the file for analysis. “1” indicates that Advanced Malware Protection did request upload of the file for analysis. |
| %X#5# | x-amp-filename | The name of the file being downloaded and analyzed. |
| %X#6# | x-amp-sha | The SHA-256 identifier for this file. |
| %y | cs-method | Method. |
| %Y | cs-url | The entire URL. |
| N/A | x-hierarchy-origin | Code that describes which server was contacted for retrieving the request content (for example, DIRECT/www.example.com). |
| N/A | x-resultcode-httpstatus | Result code and the HTTP response code, with a slash (/) in between. |

Malware Scanning Verdict Values

A malware scanning verdict is a value assigned to a URL request or server response that determines the probability that it contains malware. The Webroot, McAfee, and Sophos scanning engines return the malware scanning verdict to the DVS engine so the DVS engine can determine whether to monitor or block the scanned object. Each malware scanning verdict corresponds to a malware category listed on the Access Policies > Reputation and Anti-Malware Settings page when you edit the anti-malware settings for a particular Access Policy.

The following list presents the different Malware Scanning Verdict Values and each corresponding malware category:

| Malware Scanning Verdict Value | Malware Category |
|---|---|
| - | Not Set |
| 0 | Unknown |
| 1 | Not Scanned |
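
The following is an added example, not part of the Cisco guide: a small parser that reads the W3C log fields described in the table above (x-amp-score, x-amp-upload, x-amp-filename, x-amp-sha, cs-method, cs-url, x-hierarchy-origin, x-resultcode-httpstatus) and lists the files for which upload and analysis was requested. It assumes a "#Fields:" directive naming space-separated columns, "-" for an empty value, and an integer score; the log lines, result codes and SHA-256 strings are constructed for illustration.

```python
import re

# Constructed sample, not output from a real appliance. Assumptions: the log
# carries a "#Fields:" directive naming space-separated columns, values have
# no embedded spaces, and "-" marks an empty value.
SHA_A, SHA_B = "a" * 64, "b" * 64  # placeholder SHA-256 strings
SAMPLE_LOG = f"""\
#Fields: cs-method cs-url x-hierarchy-origin x-resultcode-httpstatus x-amp-score x-amp-upload x-amp-filename x-amp-sha
GET http://files.example.com/setup.exe DIRECT/files.example.com TCP_MISS/200 - 1 setup.exe {SHA_A}
GET http://www.example.com/index.html DIRECT/www.example.com TCP_MISS/200 - 0 - -
GET http://cdn.example.net/doc.pdf DIRECT/cdn.example.net TCP_DENIED/403 37 0 doc.pdf {SHA_B}
GET http://www.example.com/truncated DIRECT/www.example.com
"""

def parse_w3c(text):
    """Return one dict per data line, keyed by the names in #Fields."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                rows.append(dict(zip(fields, values)))
    return rows

def normalize(row):
    """Split the two slash-separated fields and type the AMP fields."""
    result, _, status = row["x-resultcode-httpstatus"].partition("/")
    route, _, server = row["x-hierarchy-origin"].partition("/")
    sha, score = row["x-amp-sha"].lower(), row["x-amp-score"]
    return {
        "method": row["cs-method"],
        "url": row["cs-url"],
        "route": route,          # e.g. DIRECT
        "server": server,        # host contacted for the content
        "result_code": result,
        "http_status": int(status) if status.isdigit() else None,
        "amp_score": int(score) if score.isdigit() else None,
        "upload_requested": row["x-amp-upload"] == "1",
        "filename": None if row["x-amp-filename"] == "-" else row["x-amp-filename"],
        "sha256": sha if re.fullmatch(r"[0-9a-f]{64}", sha) else None,
    }

def files_sent_for_analysis(text):
    """(filename, sha256, url) for every request where x-amp-upload is 1."""
    events = [normalize(r) for r in parse_w3c(text)]
    return [(e["filename"], e["sha256"], e["url"]) for e in events if e["upload_requested"]]
```
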