Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
27-7
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 27 Using Email Security Monitor
Email Security Monitor Pages
Categorizing Email
Messages reported in the Overview and Incoming Mail pages are categorized as follows:
Stopped by Reputation Filtering: All connections blocked by HAT policies multiplied by a fixed
multiplier (see
multiplier (see
) plus all recipients
blocked by recipient throttling.
Invalid Recipients: All recipients rejected by conversational LDAP rejection plus all RAT rejections.
Spam Messages Detected: The total count of messages detected by the anti-spam scanning engine as
positive or suspect and also those that were both spam and virus positive.
positive or suspect and also those that were both spam and virus positive.
Virus Messages Detected: The total count and percentage of messages detected as virus positive and
not also spam.
not also spam.
Note
If you have configured your anti-virus settings to deliver unscannable or encrypted messages, these
messages will be counted as clean messages and not virus positive. Otherwise, the messages are counted
as virus positive.
messages will be counted as clean messages and not virus positive. Otherwise, the messages are counted
as virus positive.
Detected by Advanced Malware Protection: A message attachment was found to be malicious by file
reputation filtering. This value does not include verdict updates or files found to be malicious by file
analysis.
reputation filtering. This value does not include verdict updates or files found to be malicious by file
analysis.
Messages with Malicious URLs: One or more URLs in the message were found to be malicious by URL
filtering.
filtering.
Stopped by Content Filter: The total count of messages that were stopped by a content filter.
Blocked by DMARC: The total count of messages that were stopped after DMARC verification.
Marketing Messages: The total count of marketing messages from legitimate sources, as determined by
anti-spam scanning. This item appears only if marketing data are present in the system.
anti-spam scanning. This item appears only if marketing data are present in the system.
Clean Messages: Mail that is accepted and is deemed to be virus and spam free — the most accurate
representation of clean messages accepted when taking per-recipient scanning actions (such as
splintered messages being processed by separate mail policies) into account. However, because
messages that are marked as spam or virus positive and still delivered are not counted, the actual number
of messages delivered may differ from the clean message count.
representation of clean messages accepted when taking per-recipient scanning actions (such as
splintered messages being processed by separate mail policies) into account. However, because
messages that are marked as spam or virus positive and still delivered are not counted, the actual number
of messages delivered may differ from the clean message count.
Note
Messages that match a message filter and are not dropped or bounced by the filter are treated as clean.
Messages dropped or bounced by a message filter are not counted in the totals.
Messages dropped or bounced by a message filter are not counted in the totals.
How Messages are Categorized
As messages proceed through the email pipeline, they can apply to multiple categories. For example, a
message can be marked as spam or virus positive, it can also match a content filter. The various verdicts
follow these rules of precedence: Outbreak Filters quarantining (in this case the message is not counted
until it is released from the quarantine and again processed through the work queue), followed by spam
positive, virus positive, and matching a content filter.
message can be marked as spam or virus positive, it can also match a content filter. The various verdicts
follow these rules of precedence: Outbreak Filters quarantining (in this case the message is not counted
until it is released from the quarantine and again processed through the work queue), followed by spam
positive, virus positive, and matching a content filter.
For example, if a message is marked as spam positive, and your anti-spam settings are set to drop spam
positive messages, the message is dropped and the spam counter is incremented. Further, if your
anti-spam settings are set to let the spam positive message continue on in the pipeline, and a subsequent
content filter drops, bounces, or quarantines the message, the spam count is still incremented. The
content filter count is only incremented if the message is not spam or virus positive.
positive messages, the message is dropped and the spam counter is incremented. Further, if your
anti-spam settings are set to let the spam positive message continue on in the pipeline, and a subsequent
content filter drops, bounces, or quarantines the message, the spam count is still incremented. The
content filter count is only incremented if the message is not spam or virus positive.