14.3.1. Information stored about quarantined objects

The following meta-information is stored about the objects in the quarantine:

  • Client address: IP address and port of the client receiving the quarantined object.

  • Client zone: The zone that the client belongs to.

  • Date: Date when the object was quarantined.

  • Description: Detailed description of the verdict.

  • Direction: The direction in which the quarantined object was transferred (that is, upload or download).

  • Detected type: MIME-type of the quarantined object as detected by CF.

  • File: File name or URL of the quarantined object.

  • File ID: A unique identifier of the file in the quarantine.

  • From: The sender address (in case of e-mails).

  • Group: The usergroups that the user who tried to access the object belongs to.

  • Kind: Kind of the quarantined content: file, e-mail, or newsnet post.

  • Method: The HTTP method (for example, GET, POST) in which the quarantined object was detected.

  • Program: The program that quarantined the object (usually CF or PNS).

  • Protocol: The protocol in which the quarantined object was found.

  • Proxy: Name of the proxy class that requested content vectoring on the quarantined object.

  • Recipient: The envelope recipient addresses of the object (only in SMTP).

  • Reason: The reason why the object was quarantined (for example, detected as virus, spam, and so on).

  • Rule group: The CF rule group that was stacked by the proxy.

  • Scanpath: The scanpath that quarantined the object.

  • Sender: The envelope sender address of the object (only in SMTP).

  • Server address: IP address and port of the server sending the quarantined object.

  • Server zone: The zone that the server belongs to.

  • Session ID: ID of the session which requested content vectoring on the quarantined object.

  • Size: Size of the object in bytes.

  • Spam status: Indicates if the e-mail is detected as spam.

  • Subject: The subject of the e-mail.

  • To: The recipient address (in case of e-mails).

  • Type: MIME-type of the quarantined object according to its MIME header.

  • User: Name of the user who tried to access (for example, download) the object.

  • Verdict: The decision that caused the object to be quarantined (for example, REJECT, ACCEPT_QUARANTINE, and so on).

  • Viruses: The virus(es) detected in the object.

Naturally, only the information relevant to the specific object is available. For example, an infected file downloaded through HTTP does not have a subject, and so on.