Руководство Пользователя для Cisco Cisco Email Security Appliance C170

17-20

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances

Chapter 17 File Reputation Filtering and File Analysis

Troubleshooting File Reputation and Analysis

•

Log Files, page 17-20

•

Using Trace, page 17-20

•

Several Alerts About Failure to Connect to File Reputation or File Analysis Servers, page 17-21

•

API Key Error (On-Premises File Analysis), page 17-21

•

Files are Not Uploaded As Expected, page 17-21

•

Alerts about File Types That Can Be Sent for Analysis, page 17-21

Log Files

In logs:

•

AMP

and

amp

refer to the file reputation service or engine.

•

Retrospective

refers to verdict updates.

•

VRT

and

sandboxing

refer to the file analysis service.

Information about Advanced Malware Protection including File Analysis is logged in AMP Engine
Logs..

File reputation filtering and analysis events are logged in AMP Engine logs and Mail logs.

In the log message “Response received for file reputation query” possible values for “upload action” are:

•

0: The file is known to the reputation service; do not send for analysis.

•

1: Send

•

2: The file is known to the reputation service; do not send for analysis.

For "Disposition" in mail logs:

•

1: No malware detected or presumed clean (treated as clean)

•

2: Clean

•

3: Malware

Spyname is threat name.

For more information on AMP Engine logs, see

Using AMP Engine Logs, page 39-31

Using Trace

Trace is not available for the file reputation filtering and analysis features. Instead, send a test message
from an account outside your organization.