Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
4-13
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
Categorizing Email Messages on the Overview Page
Messages reported in the Incoming Mail Summary on the Overview report page are categorized as
follows:
follows:
Table 4-4
Email Categories on Overview Page
Category
Description
Stopped by Reputation
Filtering
Filtering
All connections blocked by HAT policies multiplied by a fixed multiplier
(see the
(see the
plus all recipients blocked by recipient throttling.
The value for Stopped by Reputation Filtering is calculated based on several
factors:
factors:
•
Number of “throttled” messages from this sender
•
Number of rejected or TCP refused connections (may be a partial count)
•
A conservative multiplier for the number of messages per connection
When the appliance is under heavy load, an exact count of rejected
connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in
each time interval. In this situation, the value shown can be interpreted as a
“floor”; that is, at least this many messages were stopped.
connections is not maintained on a per-sender basis. Instead, rejected
connections counts are maintained only for the most significant senders in
each time interval. In this situation, the value shown can be interpreted as a
“floor”; that is, at least this many messages were stopped.
The Stopped by Reputation Filtering total on the Overview page is always
based on a complete count of all rejected connections. Only the per-sender
connection counts are limited due to load.
based on a complete count of all rejected connections. Only the per-sender
connection counts are limited due to load.
Invalid Recipients
All mail recipients rejected by conversational LDAP rejection plus all RAT
rejections.
rejections.
Spam Messages
Detected
Detected
The total count of messages detected by the anti-spam scanning engine as
positive or suspect. Additionally, messages that are both spam and virus
positive.
positive or suspect. Additionally, messages that are both spam and virus
positive.
Virus Messages
Detected
Detected
The total count and percentage of messages detected as virus positive and not
also spam.
also spam.
The following messages are counted in the “Virus Detected” category:
•
Messages with a virus scan result of “Repaired” or “Infectious”
•
Messages with a virus scan result of “Encrypted” when the option to
count encrypted messages as containing viruses is selected
count encrypted messages as containing viruses is selected
•
Messages with a virus scan result of “Unscannable” when the action for
unscannable messages is NOT “Deliver”
unscannable messages is NOT “Deliver”
•
Messages with a virus scan result of “Unscannable” or “Encrypted”
when the option to deliver to an alternate mail host or an alternate
recipient is selected
when the option to deliver to an alternate mail host or an alternate
recipient is selected
•
Messages that are deleted from the Outbreak quarantine, either
manually or by timing out.
manually or by timing out.
Detected by Advanced
Malware Protection
Malware Protection
A message attachment was found to be malicious by file reputation filtering.
This value does not include verdict updates or files found to be malicious by
file analysis.
This value does not include verdict updates or files found to be malicious by
file analysis.