Cisco Web Security Appliance S660 User Guide

AsyncOS 8.7 for Cisco Web Security Appliances User Guide
 
Chapter 21      Monitor System Activity Through Logs
  Log File Fields and Tags
| Format Specifier in Access Logs | Log Field in W3C Logs | Description |
|---|---|---|
| %X#3# | x-amp-score | Reputation score from Advanced Malware Protection file scanning. This score is used only if the cloud reputation service is unable to determine a clear verdict for the file. For details, see information about the Threat Score and the reputation threshold in |
| %X#4# | x-amp-upload | Indicator of upload and analysis request: “0” indicates that Advanced Malware Protection did not request upload of the file for analysis. “1” indicates that Advanced Malware Protection did request upload of the file for analysis. |
| %X#5# | x-amp-filename | The name of the file being downloaded and analyzed. |
| %X#6# | x-amp-sha | The SHA-256 identifier for this file. |
| %y | cs-method | Method. |
| %Y | cs-url | The entire URL. |
| N/A | x-hierarchy-origin | Code that describes which server was contacted for retrieving the request content (for example, DIRECT/www.example.com). |
| N/A | x-resultcode-httpstatus | Result code and the HTTP response code, with a slash (/) in between. |

Malware Scanning Verdict Values

A malware scanning verdict is a value assigned to a URL request or server response that determines the probability that it contains malware. The Webroot, McAfee, and Sophos scanning engines return the malware scanning verdict to the DVS engine so the DVS engine can determine whether to monitor or block the scanned object. Each malware scanning verdict corresponds to a malware category listed on the Access Policies > Reputation and Anti-Malware Settings page when you edit the anti-malware settings for a particular Access Policy.

The following list presents the different Malware Scanning Verdict Values and each corresponding malware category:

| Malware Scanning Verdict Value | Malware Category |
|---|---|
| - | Not Set |
| 0 | Unknown |
| 1 | Not Scanned |
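
The following Python example is added here and is not part of the Cisco guide. It reads W3C log records that carry the x-amp-* fields described under Log File Fields and Tags on this page and lists the downloads for which x-amp-upload is "1", splitting x-resultcode-httpstatus at the slash and keeping x-amp-sha only when it is a well-formed SHA-256 value. The `#Fields:` header, the whitespace-separated layout with double quotes around values that contain spaces, the sample records (including the TCP_MISS result code) and the function names `parse_w3c` and `amp_upload_requests` are assumptions made for the example.

```python
import re

SHA_OK = "ab" * 32  # constructed 64-hex-character placeholder, not a real file hash
# Constructed sample. Assumptions: a "#Fields:" header names the columns, values
# are whitespace-separated, and values containing spaces are double-quoted.
SAMPLE_LOG = f"""\
#Fields: cs-method cs-url x-hierarchy-origin x-resultcode-httpstatus x-amp-score x-amp-upload x-amp-filename x-amp-sha
GET http://www.example.com/a/setup.exe DIRECT/www.example.com TCP_MISS/200 0 1 "setup tool.exe" {SHA_OK}
GET http://www.example.com/b/doc.pdf DIRECT/www.example.com TCP_MISS/200 0 0 doc.pdf {SHA_OK}
GET http://www.example.com/c/x.bin DIRECT/www.example.com TCP_MISS/200 0 1 x.bin abc123
"""

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')   # a quoted value or a bare token
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

def parse_w3c(text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#"):
            values = [bare or quoted for quoted, bare in TOKEN_RE.findall(line)]
            if fields and len(values) == len(fields):  # drop malformed records
                records.append(dict(zip(fields, values)))
    return records

def amp_upload_requests(records):
    """Summarise records where x-amp-upload is "1" (AMP requested the file)."""
    hits = []
    for rec in records:
        if rec.get("x-amp-upload") != "1":
            continue
        # x-resultcode-httpstatus is "<result code>/<HTTP response code>"
        result, _, status = rec.get("x-resultcode-httpstatus", "").partition("/")
        sha = rec.get("x-amp-sha", "")
        hits.append({
            "url": rec.get("cs-url"),
            "filename": rec.get("x-amp-filename"),
            # keep the hash only if it is a well-formed SHA-256 value
            "sha256": sha.lower() if SHA256_RE.fullmatch(sha) else None,
            "result": result,
            "http_status": status,
        })
    return hits

if __name__ == "__main__":
    for hit in amp_upload_requests(parse_w3c(SAMPLE_LOG)):
        print(hit)
```

A record whose x-amp-sha fails the SHA-256 check is still reported, with `sha256` set to `None`, so a truncated or corrupted log line is visible rather than silently dropped.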