User Guide for Cisco Web Security Appliance S170
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 25 Logging
Malware Scanning Verdict Values
Custom log fields can be any data from any header sent from the client or the server. If a request or
response does not include the header added to the log subscription, the log file includes a hyphen as the
log field value.
Table 25-12 defines the syntax to use for access and W3C logs.
For example, if you want to log the If-Modified-Since header value in client requests, enter the following
text in the Custom Fields box for a W3C log subscription:
cs(If-Modified-Since)
Malware Scanning Verdict Values
A malware scanning verdict is a value assigned to a URL request or server response that determines the
probability that it contains malware. The scanning engines return the malware scanning verdict to the
DVS engine so the DVS engine can determine whether to monitor or block the scanned object.
They are the result of proprietary calculations that associate a numerical value to the probability that
either the URL request or the response content contains malware. Each malware scanning verdict
corresponds to a malware category listed on the Access Policies > Reputation and Anti-Malware Settings
page when you edit the anti-malware settings for a particular Access Policy.
Both the Webroot and McAfee scanning engines can return malware scanning verdicts to the DVS
engine. For more information about how the DVS engine handles malware scanning verdicts, see
Table 25-13 lists the different Malware Scanning Verdict Values and each malware category with which
they correspond.
Table 25-12
Configuring HTTP/HTTPS Headers in Log Files

| Header Type | Access Log Format Specifier Syntax | W3C Log Custom Field Syntax |
|---|---|---|
| Header from the client application | %<ClientHeaderName: | cs(ClientHeaderName) |
| Header from the server | %<ServerHeaderName: | sc(ServerHeaderName) |
Table 25-13
Malware Scanning Verdict Values

| Malware Scanning Verdict Value | Malware Category |
|---|---|
| - | Not Set |
| 0 | Unknown |
| 1 | Not Scanned |
| 2 | Timeout |
| 3 | Error |
| 4 | Unscannable |
| 10 | Generic Spyware |
| 12 | Browser Helper Object |
| 13 | Adware |
| 14 | System Monitor |
| 18 | Commercial System Monitor |
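
The parser below is an added example, not part of the Cisco guide: it reads a W3C-style log that carries the cs(If-Modified-Since) custom field, maps the verdict column to the values in Table 25-13, and treats a hyphen in the header column as "header absent". The column names c-ip, cs-url and x-scan-verdict, the quoting of values that contain spaces, and the status grouping are assumptions made for the example.

```python
import shlex

# Table 25-13 as printed on this page.
VERDICTS = {
    "-": "Not Set", "0": "Unknown", "1": "Not Scanned", "2": "Timeout",
    "3": "Error", "4": "Unscannable", "10": "Generic Spyware",
    "12": "Browser Helper Object", "13": "Adware", "14": "System Monitor",
    "18": "Commercial System Monitor",
}
# Grouping assumed for this example: 1-4 mean no usable scan result.
SCAN_GAP = {"1", "2", "3", "4"}

# Constructed sample. Every column name except cs(If-Modified-Since) is hypothetical.
SAMPLE = [
    "#Fields: c-ip cs-url x-scan-verdict cs(If-Modified-Since)",
    '192.0.2.10 http://example.test/a.js 13 "Sat, 29 Oct 1994 19:43:31 GMT"',
    "192.0.2.11 http://example.test/big.iso 2 -",
    "192.0.2.12 http://example.test/index.html - -",
]

def parse_w3c(lines):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = shlex.split(line)  # assumes values with spaces are quoted
            if len(values) != len(fields):
                raise ValueError(f"field count mismatch: {line!r}")
            yield dict(zip(fields, values))

def triage(record, verdict_field="x-scan-verdict"):
    """Decode the verdict and separate 'header absent' from a real header value."""
    raw = record[verdict_field]
    if raw not in VERDICTS:
        status = "unlisted"
    elif raw in SCAN_GAP:
        status = "scan-gap"
    elif raw.isdigit() and int(raw) >= 10:
        status = "malware-category"
    else:
        status = "no-category"  # "-" (Not Set) or 0 (Unknown)
    header = record.get("cs(If-Modified-Since)", "-")
    return {"url": record["cs-url"], "status": status, "category": VERDICTS.get(raw, raw),
            "if_modified_since": None if header == "-" else header}
```

Records with status scan-gap are the ones worth reviewing separately, since the object passed through without a usable scan result.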