14.3.1. Information stored about quarantined objects

The following meta-information is stored about the objects in the quarantine:

  • Client address: It sets theIP address and the port of the client receiving the quarantined object.

  • Client zone: It is the zone that the client belongs to.

  • Date: It is the date when the object was quarantined.

  • Description: It provides a detailed description of the verdict.

  • Direction: It is the direction the quarantined object was transferred to (that is, upload or download).

  • Detected type: It is MIME-type of the quarantined object as detected by CF.

  • File: It is the file name or URL of the quarantined object.

  • File ID: It defines a unique identifier of the file in the quarantine.

  • From: It sets the sender address (in case of e-mails).

  • Group: It is the user who tried to access the object belongs to the listed usergroups.

  • Kind: It identifies the kind of the quarantined content: file, e-mail, or newsnet post.

  • Method: It is the HTTP method (for example, GET, POST) in which the quarantined object was detected.

  • Program: It defines the program that quarantined the object (usually CF or PNS).

  • Protocol: It sets the protocol in which the quarantined object was found.

  • Proxy: It is the name of the proxy class that requested Content Filtering on the quarantined object.

  • Recipient: It is the envelope recipient addresses of the object (only in SMTP).

  • Reason: It describes the reason why the object was quarantined (for example, detected as virus, spam, and so on).

  • Rule group: It is the CF rule group that was stacked by the proxy.

  • Scanpath: It sets the scanpath that quarantined the object.

  • Sender: It is the envelope sender address of the object (only in SMTP).

  • Server address: It identifies the IP address and the port of the server sending the quarantined object.

  • Server zone: It sets the zone that the server belongs to.

  • Session ID: It is the ID of the session which requested Content Filtering on the quarantined object.

  • Size: It defines the Size of the object in bytes.

  • Spam status: It indicates if the e-mail is detected as spam.

  • Subject: It describes the subject of the e-mail.

  • To: It is the recipient address (in case of e-mails).

  • Type: It defines the MIME-type of the quarantined object according to its MIME header.

  • User: It identifies the name of the user who tried to access (for example, download) the object.

  • Verdict: It is the decision that caused the object to be quarantined (for example, REJECT, ACCEPT_QUARANTINE, and so on)

  • Viruses: It describes the virus(es) detected in the object.

Naturally, only the information relevant to the specific object is available, for example, an infected file downloaded through HTTP does not have subject, and so on.