Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
 
Chapter 24      Logging
Access Log File
Web Reputation Filters Example
In the following example, the URL request was allowed because the URL’s Web Reputation score was
high enough to qualify to be allowed without being scanned for malware.

1278100150.818 1303 172.xx.xx.xx TCP_MISS/200 46578 GET http://www.cisco.com/ - DIRECT/www.cisco.com - ALLOW_WBRS_11-AccessPolicy-Identity-NONE-NONE-NONE-DefaultGroup <IW_comp,6.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown","Unknown","-","-",285.97,0,-,[Local],"-","-"> -

In this example, “6.5” is the Web Reputation score. The hyphen “-” values indicate the request was not
forwarded to the DVS engine for anti-malware scanning. The ACL decision tag “ALLOW_WBRS”
indicates that the request was allowed, and therefore not forwarded for anti-malware scanning, based on
this Web Reputation score.
Anti-Malware Request Example
In the following example, the Webroot scanning engine scanned the URL request and assigned a
malware scanning verdict based on the URL request. Webroot is the only scanning engine that scans a
URL request. For more information about Webroot scanning, see

1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET http://www.gator.com/ - NONE/- - BLOCK_AMW_REQ_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE <IW_busi,3.4,13,"GAIN - Common Components",95,37607,10,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_busi,-,"Adware","-","Unknown","Unknown","-","-",86.02,0,-,[Local],"-","-">

In this example, “3.4” is the Web Reputation score, which indicates that the website should be scanned
for malware. Therefore, the Web Proxy passed the request to the DVS engine for anti-malware scanning.
The 13 value corresponds to “Adware”, which is the malware scanning verdict that Webroot passed to the
DVS engine. The “BLOCK_AMW_REQ_URL” ACL decision tag shows that Webroot’s request-side
checking of the URL produced this verdict. The remainder of the fields show the malware name (“GAIN
- Common Components”), threat risk rating (“95”), threat ID (“37607”), and trace ID (“10”) values,
which Webroot derived from its evaluation. All of the McAfee and Sophos-related values are empty (“-”)
because neither the McAfee nor the Sophos scanning engine scanned the URL request.
Anti-Malware Response Example
In the following example, the McAfee scanning engine scanned the server response, assigned a malware
scanning verdict based on the server response, and blocked it from the user.

1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET http://badsite.com/malware.exe - DIRECT/badsite.com application/x-dosexec BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup <IW_infr,3.0,24,"Trojan-Phisher-Gamec",0,354385,12559,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"Trojan Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -

The following list explains the values in this access log entry that show that this transaction was blocked
based on the result of the Webroot scanning engine:
  • TCP_DENIED. The website was denied due to Access Policies.
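
The field positions described in the three examples above can be read programmatically. The following Python sketch is an added example, not part of the Cisco guide; the function and dictionary names are hypothetical, and the sample lines are the page's own three entries with line wraps removed.

```python
import csv
import re

# The three access log entries from this page, unwrapped to one line each.
SAMPLE_LOG = [
    '1278100150.818 1303 172.xx.xx.xx TCP_MISS/200 46578 GET http://www.cisco.com/ - '
    'DIRECT/www.cisco.com - ALLOW_WBRS_11-AccessPolicy-Identity-NONE-NONE-NONE-DefaultGroup '
    '<IW_comp,6.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_comp,-,"-","-","Unknown",'
    '"Unknown","-","-",285.97,0,-,[Local],"-","-"> -',
    '1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET http://www.gator.com/ - NONE/- - '
    'BLOCK_AMW_REQ_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE '
    '<IW_busi,3.4,13,"GAIN - Common Components",95,37607,10,-,"-",-,-,-,"-",-,-,"-","-",-,-,'
    'IW_busi,-,"Adware","-","Unknown","Unknown","-","-",86.02,0,-,[Local],"-","-">',
    '1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET http://badsite.com/malware.exe - '
    'DIRECT/badsite.com application/x-dosexec BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup '
    '<IW_infr,3.0,24,"Trojan-Phisher-Gamec",0,354385,12559,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,'
    '"Trojan Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -',
]

# Positions inside <...> as named in the text above (field 0 is not described there).
FIELD_NAMES = {1: "wbrs_score", 2: "verdict", 3: "malware_name",
               4: "threat_risk", 5: "threat_id", 6: "trace_id"}
ENTRY_RE = re.compile(r'(?P<policy>\S+)\s+<(?P<fields>.*)>')
TAG_RE = re.compile(r'^(?P<tag>[A-Z_]+?)_\d+-')  # e.g. BLOCK_AMW_REQ_URL from ..._11-AccessPolicy

def parse_entry(line):
    """Return the verdict-related fields of one access log line, or None if malformed."""
    tokens = line.split()
    m = ENTRY_RE.search(line)
    if len(tokens) < 4 or "/" not in tokens[3] or m is None:
        return None
    tag = TAG_RE.match(m.group("policy"))
    fields = next(csv.reader([m.group("fields")]))  # csv keeps quoted names intact
    if tag is None or len(fields) <= max(FIELD_NAMES):
        return None
    entry = {name: fields[i] for i, name in FIELD_NAMES.items()}
    entry["result_code"], entry["http_status"] = tokens[3].split("/", 1)
    entry["acl_tag"] = tag.group("tag")
    # A "-" verdict means the request was not forwarded to the DVS engine.
    entry["sent_to_dvs"] = entry["verdict"] != "-"
    return entry

def blocked_by_antimalware(lines):
    """Yield parsed entries whose ACL decision tag starts with BLOCK_AMW."""
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["acl_tag"].startswith("BLOCK_AMW"):
            yield entry
```

Running blocked_by_antimalware(SAMPLE_LOG) returns the gator.com and badsite.com entries and skips the ALLOW_WBRS one.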