The following meta-information is stored about the objects in the quarantine:
: It sets the IP address and the port of the client receiving the quarantined object.
: It is the zone that the client belongs to.
: It is the date when the object was quarantined.
: It provides a detailed description of the verdict.
: It is the direction the quarantined object was transferred to (that is, upload or download).
: It is the MIME-type of the quarantined object as detected by CF.
: It is the file name or URL of the quarantined object.
: It defines a unique identifier of the file in the quarantine.
: It sets the sender address (in case of e-mails).
: The user who tried to access the object belongs to the listed usergroups.
: It identifies the kind of the quarantined content: file, e-mail, or newsnet post.
: It is the HTTP method (for example, GET, POST) in which the quarantined object was detected.
: It defines the program that quarantined the object (usually CF or PNS).
: It sets the protocol in which the quarantined object was found.
: It is the name of the proxy class that requested Content Filtering on the quarantined object.
: It contains the envelope recipient addresses of the object (only in SMTP).
: It describes the reason why the object was quarantined (for example, detected as virus, spam, and so on).
: It is the CF rule group that was stacked by the proxy.
: It sets the scanpath that quarantined the object.
: It is the envelope sender address of the object (only in SMTP).
: It identifies the IP address and the port of the server sending the quarantined object.
: It sets the zone that the server belongs to.
: It is the ID of the session which requested Content Filtering on the quarantined object.
: It defines the size of the object in bytes.
: It indicates if the e-mail is detected as spam.
: It describes the subject of the e-mail.
: It is the recipient address (in case of e-mails).
: It defines the MIME-type of the quarantined object according to its MIME header.
: It identifies the name of the user who tried to access (for example, download) the object.
: It is the decision that caused the object to be quarantined (for example, REJECT, ACCEPT_QUARANTINE, and so on).
: It describes the virus(es) detected in the object.
Naturally, only the information relevant to the specific object is available. For example, an infected file downloaded through HTTP does not have a subject, and so on.
© 2021 BalaSys IT Security.