Cisco Web Security Appliance S670 User Guide

AsyncOS 9.1 for Cisco Web Security Appliances User Guide
 
Chapter 21: Monitor System Activity Through Logs
Log File Fields and Tags
Malware Scanning Verdict Values
A malware scanning verdict is a value assigned to a URL request or server response that determines the 
probability that it contains malware. The Webroot, McAfee, and Sophos scanning engines return the 
malware scanning verdict to the DVS engine so the DVS engine can determine whether to monitor or 

| Format Specifier in Access Logs | Log Field in W3C Logs | Description |
|---|---|---|
| %X#1# | x-amp-verdict | Verdict from Advanced Malware Protection file scanning: 0: File is not malicious. 1: File was not scanned because of its file type. 2: File scan timed out. 3: Scan error. Greater than 3: File is malicious. |
| %X#2# | x-amp-malware-name | Threat name, as determined by Advanced Malware Protection file scanning. “-” indicates no threat. |
| %X#3# | x-amp-score | Reputation score from Advanced Malware Protection file scanning. This score is used only if the cloud reputation service is unable to determine a clear verdict for the file. For details, see information about the Threat Score and the reputation threshold in Chapter 17, “File Reputation Filtering and File Analysis.” |
| %X#4# | x-amp-upload | Indicator of upload and analysis request: “0” indicates that Advanced Malware Protection did not request upload of the file for analysis. “1” indicates that Advanced Malware Protection did request upload of the file for analysis. |
| %X#5# | x-amp-filename | The name of the file being downloaded and analyzed. |
| %X#6# | x-amp-sha | The SHA-256 identifier for this file. |
| %y | cs-method | Method. |
| %Y | cs-url | The entire URL. |
| N/A | x-hierarchy-origin | Code that describes which server was contacted for retrieving the request content (for example, DIRECT/www.example.com). |
| N/A | x-resultcode-httpstatus | Result code and the HTTP response code, with a slash (/) in between. |
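The following Python sketch is an added example, not code from the Cisco guide. It triages W3C log lines by the `x-amp-*` fields in the table above, reporting malicious verdicts and also the files that passed without a scan result (verdicts 1 to 3). The `#Fields:` header layout, the field order, the category names and all sample values are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample W3C log (not real traffic). The field order and the
# "#Fields:" header layout are assumptions; match them to your log subscription.
SAMPLE_LOG = """\
#Fields: cs-method cs-url x-resultcode-httpstatus x-amp-verdict x-amp-malware-name x-amp-upload x-amp-filename x-amp-sha
GET http://www.example.com/a.pdf TCP_MISS/200 0 "-" 0 "a.pdf" SHA256-PLACEHOLDER-A
GET http://www.example.com/setup.exe TCP_DENIED/403 5 "Constructed.Threat.Name" 0 "setup.exe" SHA256-PLACEHOLDER-B
GET http://www.example.com/big.zip TCP_MISS/200 2 "-" 1 "big archive.zip" SHA256-PLACEHOLDER-C
GET http://www.example.com/x.bin TCP_MISS/200 1 "-" 0 "x.bin" SHA256-PLACEHOLDER-D
"""

def classify_verdict(raw):
    """Map an x-amp-verdict value to a triage category (names are hypothetical)."""
    try:
        verdict = int(raw)
    except ValueError:
        return "unparsed"  # non-numeric value, e.g. "-" (assumed: no verdict logged)
    if verdict < 0:
        return "unparsed"
    if verdict > 3:
        return "malicious"
    return ("clean", "not_scanned_file_type", "scan_timeout", "scan_error")[verdict]

def triage(log_text):
    """Return one finding per log line whose AMP verdict is anything but clean."""
    fields, findings = None, []
    reader = csv.reader(io.StringIO(log_text), delimiter=" ", quotechar='"')
    for row in reader:
        if not row:
            continue
        if row[0].startswith("#"):
            if row[0] == "#Fields:":
                fields = row[1:]  # column names for the lines that follow
            continue
        if fields is None or len(row) != len(fields):
            findings.append({"category": "unparsed", "raw": " ".join(row)})
            continue
        rec = dict(zip(fields, row))
        category = classify_verdict(rec.get("x-amp-verdict", "-"))
        if category != "clean":
            findings.append({"category": category, "url": rec.get("cs-url"),
                             "filename": rec.get("x-amp-filename"),
                             "sha256": rec.get("x-amp-sha"),
                             "malware": rec.get("x-amp-malware-name"),
                             "upload_requested": rec.get("x-amp-upload") == "1"})
    return findings
```

Verdicts 1, 2 and 3 are reported separately from malicious ones because they mark files that were delivered without a scan result, which is a coverage gap worth tracking.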