Cisco Web Security Appliance S190 User Guide
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 24 Logging
Access Log File
Anti-Malware Request Example
In the following example, the Webroot scanning engine scanned the URL request
and assigned a malware scanning verdict based on the URL request. Webroot is
the only scanning engine that scans a URL request. For more information about
Webroot scanning, see

1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET
http://www.gator.com/ - NONE/- -
BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE
<IW_busi,3.4,"Adware","GAIN - Common
Components",95,37607,10,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi
,-,"Adware","-","Unknown","Unknown","-","-",86.02,0,-,"-","-">

In this example, “3.4” is the Web Reputation score, which indicates that the
website should be scanned for malware. Therefore, the Web Proxy passed the
request to the DVS engine for anti-malware scanning.

The “Adware” value is the malware scanning verdict that Webroot passed to the
DVS engine. The “BLOCK_AMW_RESP_URL” ACL decision tag shows that
Webroot’s request-side checking of the URL produced this verdict. The remainder
of the fields show the malware name (“GAIN - Common Components”), threat
risk rating (“95”), threat ID (“37607”), and trace ID (“10”) values, which Webroot
derived from its evaluation. All of the McAfee and Sophos-related values are
empty (“-”) because neither the McAfee nor the Sophos scanning engine scanned
the URL request.

Anti-Malware Response Example
In the following example, the McAfee scanning engine scanned the server
response, assigned a malware scanning verdict based on the server response, and
blocked it from the user.

1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET
http://badsite.com/malware.exe - DIRECT/badsite.com
application/x-dosexec
BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup
<IW_infr,3.0,"Trojan Phisher","Trojan-Phisher-Gamec",0,354385,12559,
"-","-",-,-,-,"-","-","-","-","-",-,-,IW_infr,-,"Trojan
Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -
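
The field positions described in the Anti-Malware Request Example above can be extracted programmatically when triaging access logs. The following Python parser is an added example, not part of the Cisco guide: it reads only the fields that section names, and the function names, the URL token position, and the single-line form of the sample entry are assumptions made here.

```python
import csv
import re

# Access log entry from the page's request example, unwrapped onto one line.
SAMPLE = (
    "1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET "
    "http://www.gator.com/ - NONE/- - "
    "BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE "
    '<IW_busi,3.4,"Adware","GAIN - Common Components",95,37607,10,'
    '"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi,-,"Adware","-",'
    '"Unknown","Unknown","-","-",86.02,0,-,"-","-">'
)

# Everything before the last " <" is the space-separated head; the angle
# brackets enclose the comma-separated scanning fields.
ENTRY = re.compile(r"^(?P<head>.*\S)\s+<(?P<body>.*)>[\s-]*$")


def _value(raw, cast=str):
    """Return None for the empty marker "-", otherwise the cast value."""
    raw = raw.strip()
    return None if raw == "-" else cast(raw)


def parse_webroot_fields(line):
    """Extract the fields the section describes from one access log entry."""
    match = ENTRY.match(line.strip())
    if match is None:
        raise ValueError("no <...> scanning block found")
    head = match.group("head").split()
    # csv honours the double quotes, so a comma inside a quoted malware
    # name does not shift the fields that follow it.
    fields = next(csv.reader([match.group("body")]))
    if len(head) < 7 or len(fields) < 7:
        raise ValueError("entry is shorter than the documented layout")
    return {
        "url": head[6],  # assumption: 7th token, as in the page's samples
        "acl_decision_tag": head[-1],
        "web_reputation": _value(fields[1], float),
        "webroot_verdict": _value(fields[2]),
        "malware_name": _value(fields[3]),
        "threat_risk_rating": _value(fields[4], int),
        "threat_id": _value(fields[5], int),
        "trace_id": _value(fields[6], int),
    }


if __name__ == "__main__":
    for key, value in parse_webroot_fields(SAMPLE).items():
        print(f"{key}: {value}")
```

Entries that arrive wrapped across several lines, as printed in the guide, need to be joined before they are passed to the parser.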