Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
 
Chapter 25      Logging
Custom log fields can be any data from any header sent from the client or the server. If a request or 
response does not include the header added to the log subscription, the log file includes a hyphen as the 
log field value.
Table 25-12 defines the syntax to use for access and W3C logs.
For example, if you want to log the If-Modified-Since header value in client requests, enter the following 
text in the Custom Fields box for a W3C log subscription:
cs(If-Modified-Since)
 
Malware Scanning Verdict Values
A malware scanning verdict is a value assigned to a URL request or server response that determines the 
probability that it contains malware. The scanning engines return the malware scanning verdict to the 
DVS engine so the DVS engine can determine whether to monitor or block the scanned object.
Verdicts are the result of proprietary calculations that associate a numerical value with the probability 
that either the URL request or the response content contains malware. Each malware scanning verdict 
corresponds to a malware category listed on the Access Policies > Reputation and Anti-Malware Settings 
page when you edit the anti-malware settings for a particular Access Policy.
Both the Webroot and McAfee scanning engines can return malware scanning verdicts to the DVS 
engine. For more information about how the DVS engine handles malware scanning verdicts, see 

Table 25-13 lists the different Malware Scanning Verdict Values and the malware category to which 
each corresponds.
Table 25-12 Configuring HTTP/HTTPS Headers in Log Files

| Header Type | Access Log Format Specifier Syntax | W3C Log Custom Field Syntax |
|---|---|---|
| Header from the client application | %<ClientHeaderName: | cs(ClientHeaderName) |
| Header from the server | %<ServerHeaderName: | sc(ServerHeaderName) |

Table 25-13 Malware Scanning Verdict Values

| Malware Scanning Verdict Value | Malware Category |
|---|---|
| - | Not Set |
| 0 | Unknown |
| 1 | Not Scanned |
| 2 | Timeout |
| 3 | Error |
| 4 | Unscannable |
| 10 | Generic Spyware |
| 12 | Browser Helper Object |
| 13 | Adware |
| 14 | System Monitor |
| 18 | Commercial System Monitor |
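
The following Python example is added here and is not part of the Cisco guide. It parses a constructed W3C-style log that carries the cs(If-Modified-Since) custom field, treats a hyphen as an absent header, and maps verdict values to the categories shown in Table 25-13. The column names (including the placeholder x-verdict), the sample records, the review rule and the double-quoting of header values that contain spaces are all assumptions.

```python
import shlex

# Verdict values and categories copied from Table 25-13 (rows visible on this page only).
VERDICT_CATEGORIES = {
    "-": "Not Set", "0": "Unknown", "1": "Not Scanned", "2": "Timeout",
    "3": "Error", "4": "Unscannable", "10": "Generic Spyware",
    "12": "Browser Helper Object", "13": "Adware", "14": "System Monitor",
    "18": "Commercial System Monitor",
}
# Assumed review rule: flag objects that were never inspected and malware categories.
NOT_INSPECTED = {"1", "2", "3", "4"}
MALWARE = {"10", "12", "13", "14", "18"}

# Constructed sample log. "x-verdict" is a placeholder column name, not an AsyncOS field.
SAMPLE_LOG = '''#Fields: c-ip cs-url cs(If-Modified-Since) x-verdict
10.0.0.5 http://example.com/a.js "Sat, 29 Oct 2011 19:43:31 GMT" 0
10.0.0.7 http://example.net/setup.exe - 13
10.0.0.9 http://example.org/big.iso - 2
10.0.0.9 http://example.org/new.bin - 99
'''

def parse_w3c(text):
    """Yield one dict per record, keyed by the names on the #Fields: line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.strip() and not line.startswith("#"):
            values = shlex.split(line)  # keeps quoted header values whole
            if len(values) != len(fields):
                continue  # malformed or truncated record
            yield dict(zip(fields, values))

def triage(text, header="cs(If-Modified-Since)", verdict_col="x-verdict"):
    """Return (url, header value or None, category, needs_review) per record."""
    out = []
    for rec in parse_w3c(text):
        raw = rec[header]
        value = None if raw == "-" else raw  # hyphen: header absent from the request
        v = rec[verdict_col]
        category = VERDICT_CATEGORIES.get(v, "unlisted verdict %s" % v)
        review = v in NOT_INSPECTED or v in MALWARE or v not in VERDICT_CATEGORIES
        out.append((rec["cs-url"], value, category, review))
    return out
```
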