Searching outgoing virus positive messages

Oct 13th, 2009

Hi all

I need to find the source IP of the outgoing virus-positive messages sent through my IronPorts.

On the outgoing senders statistics I can find some virus positives, but I cannot find them in message tracking.

I've activated the mail policies to be notified about outgoing virus-positive messages when they are detected.

But, for example, last week the outgoing statistics showed 3 viruses detected but only one notification. And I cannot find them in message tracking.

What could be the problem?

Thanks all!

Andrew Wurster Wed, 10/14/2009 - 18:59

Two major possible problems I can think of:

1) The ESA handles so much mail that tracking cannot hold enough historical data on the system to return any search results.

2) The search is perhaps malformed or incorrect and not returning any data.

In any case, check your mail_logs for a definitive answer. If the time doesn't go back far enough, copy the logs through FTP / SCP to another box and use your own parsing tools to look through the data off-box.

If you can include anything you have from the mail_logs then I'm sure we can help.
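An added example, not part of the reply above or any Cisco tooling: one way to do the off-box parsing is to join each virus-positive MID to the ICID that injected it and then to that connection's source address. The log line layouts, the regexes and all names below are assumptions modelled on the text mail_logs format, and the sample lines are constructed; check them against your own logs first.

```python
import re

# Constructed sample lines; the layout is an assumption modelled on AsyncOS
# text mail_logs. Replace with open("mail.current") or your copied log files.
SAMPLE_LOG = """\
Mon Oct  5 09:12:01 2009 Info: New SMTP ICID 4101 interface Data1 (192.0.2.10) address 10.20.30.41 reverse dns host pc41.example.local verified no
Mon Oct  5 09:12:01 2009 Info: Start MID 88001 ICID 4101
Mon Oct  5 09:12:01 2009 Info: MID 88001 ICID 4101 From: <alice@example.com>
Mon Oct  5 09:12:02 2009 Info: MID 88001 antivirus positive 'EICAR-AV-Test'
Mon Oct  5 09:15:40 2009 Info: New SMTP ICID 4102 interface Data1 (192.0.2.10) address 10.20.30.77 reverse dns host pc77.example.local verified no
Mon Oct  5 09:15:40 2009 Info: Start MID 88002 ICID 4102
Mon Oct  5 09:15:41 2009 Info: MID 88002 ICID 4102 From: <bob@example.com>
Mon Oct  5 09:15:42 2009 Info: MID 88002 antivirus negative
Mon Oct  5 09:20:03 2009 Info: Start MID 88003 ICID 4000
Mon Oct  5 09:20:04 2009 Info: MID 88003 antivirus positive 'EICAR-AV-Test'
"""

UNKNOWN = "unknown"  # used when the connection or sender line is not in the log
ICID_RE = re.compile(r"New SMTP ICID (\d+) interface \S+ \(\S+\) address (\S+)")
START_RE = re.compile(r"Start MID (\d+) ICID (\d+)")
FROM_RE = re.compile(r"MID (\d+) ICID \d+ From: <([^>]*)>")
AV_RE = re.compile(r"MID (\d+) antivirus positive '([^']*)'")

def find_virus_senders(lines):
    """Return one dict per virus-positive MID with its sender and source IP."""
    icid_ip, mid_icid, mid_from, hits = {}, {}, {}, []
    for line in lines:
        if m := ICID_RE.search(line):
            icid_ip[m[1]] = m[2]            # connection ID -> client address
        elif m := START_RE.search(line):
            mid_icid[m[1]] = m[2]           # message ID -> connection ID
        elif m := FROM_RE.search(line):
            mid_from[m[1]] = m[2]           # message ID -> envelope sender
        elif m := AV_RE.search(line):
            # The ICID line may predate the log window (rotation), so the
            # lookup falls back to UNKNOWN instead of raising.
            ip = icid_ip.get(mid_icid.get(m[1]), UNKNOWN)
            hits.append({"mid": m[1], "virus": m[2],
                         "from": mid_from.get(m[1], UNKNOWN), "source_ip": ip})
    return hits

if __name__ == "__main__":
    for hit in find_virus_senders(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit with an unknown source means the connection was opened before the first line of the file being parsed, so include the preceding rotated log in the input.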


