Fields specific to the "l_smtp", "l_pop3", "l_ftp" and "l_web" logs

The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Network traffic, Web and E-mails.

filename

Name of the file scanned by the sandboxing option.

String of characters in UTF-8 format. Example: "mydocument.doc"

File name

filetype

Type of file scanned by the sandboxing option. This may be a document (word processing, table, presentation, etc.), a Portable Document Format file (PDF - Adobe Acrobat), an executable file or an archive.

Value: "document", "pdf", "executable", "archive".

File type

hash

Result of hashing the file content (SHA2 method).

String of characters in UTF-8 format.

Example: "f4d1be410a6102b9ae7d1c32612bed4f12158df3cd1ab6440a9ac0cad417446d"

Hash

sandboxinglevel

Indicates the level of the file's infection on a scale of 0 to 100.

Value: "0" (clean) to "100" (malicious).

Sandboxing score

sandboxing

Classification of the file according to the sandboxing option.

Value: "clean", "suspicious", "malicious", "unknown", "forward", "failed".

Sandboxing indicates a "clean", "suspicious" or "malicious" status if the file has already been scanned and classified. The "unknown" status is returned if sandboxing does not know the file concerned. In this case, the whole file will be sent to the firewall to be scanned.

Sandboxing
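
The following is an added example, not part of the original documentation: a triage routine that checks the sandboxing fields of a log line against the values listed above and decides whether to alert. The key=value line layout, the sample lines, the names `parse_line` and `triage`, and the threshold of 50 are assumptions.

```python
import re
import shlex

# Values this page lists for the "sandboxing" and "filetype" fields.
VERDICTS = {"clean", "suspicious", "malicious", "unknown", "forward", "failed"}
FILETYPES = {"document", "pdf", "executable", "archive"}
PAGE_HASH = "f4d1be410a6102b9ae7d1c32612bed4f12158df3cd1ab6440a9ac0cad417446d"
# Constructed sample lines; the key=value layout is an assumption.
SAMPLES = [
    f'filename="mydocument.doc" filetype=document hash={PAGE_HASH} '
    'sandboxing=clean sandboxinglevel=0',
    f'filename="setup.exe" filetype=executable hash={PAGE_HASH} '
    'sandboxing=malicious sandboxinglevel=100',
    f'filename="report.pdf" filetype=pdf hash={PAGE_HASH} sandboxing=unknown',
    'filename="a.zip" filetype=archive hash=abc sandboxing=clean sandboxinglevel=250',
]

def parse_line(line):
    """Split an assumed key=value line into a dict; quoted values may hold spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: treat the line as unparseable
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def triage(line, threshold=50):
    """Return (action, problems); threshold is a hypothetical alerting cut-off."""
    f = parse_line(line)
    problems = []
    verdict = f.get("sandboxing")
    if verdict not in VERDICTS:
        problems.append("sandboxing")
    if "filetype" in f and f["filetype"] not in FILETYPES:
        problems.append("filetype")
    # 64 hex characters matches the length of the example hash on this page.
    if "hash" in f and not re.fullmatch(r"[0-9a-fA-F]{64}", f["hash"]):
        problems.append("hash")
    level = None
    raw = f.get("sandboxinglevel")
    if raw is not None:
        if re.fullmatch(r"[0-9]{1,3}", raw) and int(raw) <= 100:
            level = int(raw)
        else:
            problems.append("sandboxinglevel")
    if verdict == "malicious" or (level is not None and level >= threshold):
        return "alert", problems
    if verdict != "clean" or problems:
        return "review", problems
    return "ignore", problems
```

Lines with a status other than "clean" or "malicious", and lines with out-of-range values, are routed to "review" so that an analyst sees files the sandbox has not classified.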