Cisco Email Security Appliance X1050 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 39 Logging
Log Types
Initialization of File Reputation and File Analysis Servers
Wed Oct 5 15:17:31 2016 Info: File reputation service initialized successfully
Wed Oct 5 15:17:31 2016 Info: The following file type(s) can be sent for File Analysis:
Microsoft Windows / DOS Executable, Microsoft Office 97-2004 (OLE), Microsoft Office 2007+
(Open XML), Other potentially malicious file types, Adobe Portable Document Format (PDF).
To allow analysis of new file type(s), go to Security Services > File Reputation and
Analysis.
Wed Oct 5 15:17:31 2016 Info: File Analysis service initialized successfully
File Reputation Server Not Configured
Tue Oct 4 23:15:24 2016 Warning: MID 12 reputation query failed for attachment
'Zombies.pdf' with error "Cloud query failed"
Initialization of File Reputation Query
Fri Oct 7 09:44:04 2016 Info: File reputation query initiating. File Name = 'mod-6.exe',
MID = 5, File Size = 1673216 bytes, File Type = application/x-dosexec
Response Received for File Reputation Query from File Reputation Server
Fri Oct 7 09:44:06 2016 Info: Response received for file reputation query from Cloud. File
Name = 'mod-6.exe', MID = 5, Disposition = MALICIOUS, Malware = W32.061DEF69B5-100.SBX.TG,
Reputation Score = 73, sha256 =
061def69b5c100e9979610fa5675bd19258b19a7ff538b5c2d230b467c312f19, upload_action = 2
Statistic: Description

File Name: The name of the file whose SHA-256 hash identifier is sent to the file reputation server. If the file name is not available, it is termed as unknown.

MID: The Message ID used to track messages that flow through the email pipeline.

File Size: The size of the file whose SHA-256 hash identifier is sent to the file reputation server.

File Type: The type of the file whose SHA-256 hash identifier is sent to the file reputation server. Following are the supported file types:
• Microsoft Windows / DOS Executable
• Microsoft Office 97-2004 (OLE)
• Microsoft Office 2007+ (Open XML)
• Other potentially malicious file types
• Adobe Portable Document Format (PDF)
Statistic: Description

File Name: The name of the file whose SHA-256 hash identifier is sent to the file reputation server. If the file name is not available, it is termed as unknown.

MID: The message ID used to track messages that flow through the email pipeline.
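
A parser for the File Reputation log entries shown above, as an added example that is not part of the Cisco guide: it extracts the "Key = value" fields, pairs each query with its outcome by MID and file name, and lists malicious verdicts, failed queries and queries with no logged response. The function names, and the assumption that each entry occupies a single line in the actual log file (the excerpts above are wrapped by the page layout), belong to this example.

```python
import re

# Entries copied from the log excerpts on this page, wrapped lines rejoined.
SAMPLE_LOG = """\
Tue Oct 4 23:15:24 2016 Warning: MID 12 reputation query failed for attachment 'Zombies.pdf' with error "Cloud query failed"
Fri Oct 7 09:44:04 2016 Info: File reputation query initiating. File Name = 'mod-6.exe', MID = 5, File Size = 1673216 bytes, File Type = application/x-dosexec
Fri Oct 7 09:44:06 2016 Info: Response received for file reputation query from Cloud. File Name = 'mod-6.exe', MID = 5, Disposition = MALICIOUS, Malware = W32.061DEF69B5-100.SBX.TG, Reputation Score = 73, sha256 = 061def69b5c100e9979610fa5675bd19258b19a7ff538b5c2d230b467c312f19, upload_action = 2
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (\w+): (.*)$")
# "Key = value" pairs; a value is single-quoted or runs to the next comma.
PAIR_RE = re.compile(r"([A-Za-z_][\w ]*?) = ('[^']*'|[^,]*)")
FAILED_RE = re.compile(r"MID (\d+) reputation query failed for attachment '([^']*)' with error \"([^\"]*)\"")

def parse_line(line):
    """Parse one File Reputation log entry into a dict; None if not recognized."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry, msg = {"time": m[1], "level": m[2]}, m[3]
    failed = FAILED_RE.search(msg)
    if failed:
        return {**entry, "event": "query_failed", "MID": int(failed[1]),
                "File Name": failed[2], "error": failed[3]}
    if msg.startswith("File reputation query initiating"):
        entry["event"] = "query"
    elif msg.startswith("Response received for file reputation query"):
        entry["event"] = "response"
    else:
        return None
    fields = {k: v.strip().strip("'") for k, v in PAIR_RE.findall(msg)}
    if not fields.get("MID", "").isdigit():
        return None
    return {**entry, **fields, "MID": int(fields["MID"])}

def triage(log_text):
    """Return (MID, file name, reason) for malicious, failed or unanswered queries."""
    findings, pending = [], {}
    for e in filter(None, map(parse_line, log_text.splitlines())):
        key = (e["MID"], e.get("File Name", "unknown"))
        if e["event"] == "query":
            pending[key] = e
            continue
        pending.pop(key, None)  # a failure or a response closes the open query
        if e["event"] == "query_failed":
            findings.append(key + ("query failed: " + e["error"],))
        elif e.get("Disposition") == "MALICIOUS":
            findings.append(key + ("malicious: " + e.get("Malware", "unknown"),))
    return findings + [key + ("no response logged",) for key in pending]
```

Calling `triage(SAMPLE_LOG)` returns one finding for MID 12 (query failed) and one for MID 5 (malicious). A file name that itself contains a single quote is not handled by the quoted-value pattern.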