Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 19      Configuring Security Services
Logging
The access log file records the information returned by the Web Reputation Filters and the DVS engine 
for each transaction. The scanning verdict information section in the access logs includes many fields to 
help understand the cause for the action applied to a transaction. For example, some fields display the 
web reputation score or the malware scanning verdict Sophos passed to the DVS engine. 
For more information about the scanning verdict information section in the access log file, see 
.
For more information about reading access log files, see 
. For an 
example access log entry that explains web reputation processing, see 
Logging Adaptive Scanning
When Adaptive Scanning is enabled, you can use the fields in 
 to learn more information about 
how the adaptive scanning engine affected transactions. 
Transactions blocked and monitored by the adaptive scanning engine use the following ACL decision 
tags: 
  • BLOCK_AMW_RESP
  • MONITOR_AMW_RESP
Caching
Notes about how AsyncOS uses the cache while scanning for malware:
  • AsyncOS only caches objects if the entire object downloads. If malware is blocked during scanning, the whole object is not downloaded and therefore is not cached.
  • AsyncOS scans content whether it is retrieved from the server or from the web cache.
  • The length of time that content is cached varies with many factors -- there is no default.
  • AsyncOS rescans content when signatures are updated.
Table 19-8 Adaptive Scanning Logging Information

| Custom Field in Access Logs | Custom Field in W3C Logs | Description |
|---|---|---|
| %X6 | x-as-malware-threat-name | The anti-malware name returned by Adaptive Scanning. If the transaction is not blocked, this field returns a hyphen (“-”). This variable is included in the scanning verdict information (in the angled brackets at the end of each access log entry). |
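
A log-triage sketch for the two Adaptive Scanning decision tags and the %X6 threat name described above, added here as an example and not taken from the Cisco guide. The sample entries are constructed, and the field order (client address third, URL seventh, threat name last inside the angled brackets) is an assumption to adjust to the appliance's actual access log layout; `parse_entry` and `summarize` are hypothetical names.

```python
import csv
import re
from collections import Counter

# ACL decision tags this page lists for the adaptive scanning engine.
ADAPTIVE_TAGS = ("BLOCK_AMW_RESP", "MONITOR_AMW_RESP")
VERDICT_RE = re.compile(r"<([^<>]*)>")  # angle-bracketed verdict section

# Constructed sample entries, not real traffic. Assumptions: the decision tag
# opens a hyphen-joined token, and the verdict section is shortened so that
# the threat name (%X6) is its last field.
SAMPLE_LOG = """\
1331000001.100 120 192.0.2.10 TCP_DENIED/403 1806 GET http://files.example.test/a.bin - DIRECT/files.example.test application/octet-stream BLOCK_AMW_RESP-DefaultGroup-NONE <IW_comp,-6.1,"Constructed.Threat.A"> -
1331000002.200 85 192.0.2.11 TCP_MISS/200 5120 GET http://cdn.example.test/b.js - DIRECT/cdn.example.test text/javascript MONITOR_AMW_RESP-DefaultGroup-NONE <IW_comp,2.0,"-"> -
1331000003.300 40 192.0.2.12 TCP_MISS/200 900 GET http://www.example.test/ - DIRECT/www.example.test text/html DEFAULT_CASE-DefaultGroup-NONE <IW_comp,5.5,"-"> -
1331000004.400 130 192.0.2.10 TCP_DENIED/403 1806 GET http://files.example.test/c.bin - DIRECT/files.example.test application/octet-stream BLOCK_AMW_RESP-DefaultGroup-NONE <IW_comp,-6.1,"Constructed.Threat.A"> -
"""


def parse_entry(line, threat_index=-1):
    """Return (tag, client, url, threat) for an adaptive scanning entry, else None."""
    tokens = line.split()
    tag = next((t for tok in tokens for t in ADAPTIVE_TAGS
                if tok == t or tok.startswith(t + "-")), None)
    sections = VERDICT_RE.findall(line)
    if tag is None or not sections or len(tokens) < 7:
        return None
    # csv handles quoted verdict fields that themselves contain commas.
    fields = next(csv.reader([sections[-1]], skipinitialspace=True))
    try:
        threat = fields[threat_index].strip()
    except IndexError:
        threat = "-"
    # Per the page, a hyphen means no anti-malware name was returned.
    return tag, tokens[2], tokens[6], (None if threat in ("", "-") else threat)


def summarize(lines):
    """Count adaptive scanning hits per (decision tag, threat name)."""
    hits = filter(None, map(parse_entry, lines))
    return Counter((tag, threat) for tag, _client, _url, threat in hits)


if __name__ == "__main__":
    for (tag, threat), n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{n:3d}  {tag:<17} {threat or '-'}")
```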