Руководство Пользователя для Cisco Cisco Email Security Appliance C170
28-8
Cisco AsyncOS 9.1 for Email User Guide
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
Notes on Counting Messages in Email Security Monitor
The method Email Security Monitor uses to count incoming mail depends on the number of recipients
per message. For example, an incoming message from example.com sent to three recipients would count
as three messages coming from that sender.
per message. For example, an incoming message from example.com sent to three recipients would count
as three messages coming from that sender.
Because messages blocked by sender reputation filtering do not actually enter the work queue, the
appliance does not have access to the list of recipients for an incoming message. In this case, a multiplier
is used to estimate the number of recipients. This multiplier was determined by Cisco and based upon
research of a large sampling of existing customer data.
appliance does not have access to the list of recipients for an incoming message. In this case, a multiplier
is used to estimate the number of recipients. This multiplier was determined by Cisco and based upon
research of a large sampling of existing customer data.
Categorizing Email
Messages reported in the Overview and Incoming Mail pages are categorized as follows:
Stopped by Reputation Filtering: All connections blocked by HAT policies multiplied by a fixed
multiplier (see
multiplier (see
) plus all recipients
blocked by recipient throttling.
Invalid Recipients: All recipients rejected by conversational LDAP rejection plus all RAT rejections.
Spam Messages Detected: The total count of messages detected by the anti-spam scanning engine as
positive or suspect and also those that were both spam and virus positive.
positive or suspect and also those that were both spam and virus positive.
Virus Messages Detected: The total count and percentage of messages detected as virus positive and
not also spam.
not also spam.
Note
If you have configured your anti-virus settings to deliver unscannable or encrypted messages, these
messages will be counted as clean messages and not virus positive. Otherwise, the messages are counted
as virus positive.
messages will be counted as clean messages and not virus positive. Otherwise, the messages are counted
as virus positive.
Detected by Advanced Malware Protection: A message attachment was found to be malicious by file
reputation filtering. This value does not include verdict updates or files found to be malicious by file
analysis.
reputation filtering. This value does not include verdict updates or files found to be malicious by file
analysis.
Messages with Malicious URLs: One or more URLs in the message were found to be malicious by URL
filtering.
filtering.
Stopped by Content Filter: The total count of messages that were stopped by a content filter.
Stopped by DMARC: The total count of messages that were stopped after DMARC verification.
S/MIME Verification/Decryption Failed: The total count of messages that failed S/MIME verification,
decryption, or both.
decryption, or both.
Marketing Messages: The total count of marketing messages from legitimate sources, as determined by
anti-spam scanning. This item appears only if marketing data are present in the system.
anti-spam scanning. This item appears only if marketing data are present in the system.
S/MIME Verification/Decryption Successful: The total count of messages that were successfully
verified, decrypted, or decrypted and verified using S/MIME.
verified, decrypted, or decrypted and verified using S/MIME.
Clean Messages: Mail that is accepted and is deemed to be virus and spam free — the most accurate
representation of clean messages accepted when taking per-recipient scanning actions (such as
splintered messages being processed by separate mail policies) into account. However, because
messages that are marked as spam or virus positive and still delivered are not counted, the actual number
of messages delivered may differ from the clean message count.
representation of clean messages accepted when taking per-recipient scanning actions (such as
splintered messages being processed by separate mail policies) into account. However, because
messages that are marked as spam or virus positive and still delivered are not counted, the actual number
of messages delivered may differ from the clean message count.