Sophos X-header

Unanswered Question
Jun 10th, 2009

I haven't seen many infected mail come through so far. So I am not sure what this header means. I assume it means that Sophos found, and cleaned Troj/VB-EDF'3'rd.


X-IronPort-AV: E=Sophos;i="4.41,333,1241409600";
v="Troj/VB-EDF'3'rd";
d="txt'?exe'96?zip'96,48?scan'96,48,96,217,208,48";a="3033987"

:?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steven_geerts Sat, 06/13/2009 - 21:28

Hi tbundy,

If I look at this, I suppose you are right (well, isn't that a valuable response....)

If you want to know more about this message and the actions taken by your device, you can use the findevent command on your CLI to see all loglines recorded for a specific message.
Normally the AV actions are also recorded here.

If you find your answer, please post it back. I have never looked after the loglines/headers for the AV scanner but it might be useful to know what is going on inside our little Ironport boxes :lol:

Steven

Actions

This Discussion