Cisco Support Community
New Member

Searching outgoing virus positive messages

Hi all

I need to find the source IP of the outgoing virus positive messages sent through my IronPorts.

On the outgoing senders statistics I can find some virus positives but I cannot find them on the message tracking.

I've activated the mail policies to be notified about outgoing virus positive messages when they are detected.

But, for example, last week on the outgoing statistics there appear 3 viruses detected but only one notification. And I cannot find them on the message tracking.

What could be the problem?

Thanks all!

New Member

Re: Searching outgoing virus positive messages

Two major possible problems I can think of:

1) The ESA handles so much mail that tracking data cannot hold enough historical data on the system to return any search results.

2) The search is perhaps malformed or incorrect and not returning any data.

In any case - check your mail_logs for a definitive answer. If the time doesn't go back far enough - copy the logs through FTP / SCP to another box and use your own parsing tools to look through the data off-box.

If you can include anything you have from the mail_logs then I'm sure we can help.
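
One way to do the off-box parsing suggested in the reply above (an added example, not part of the original posts and not Cisco tooling): it links each `antivirus positive` line to its MID, then to the ICID and the connecting client IP. The log line layout, the regular expressions and the sample lines are assumptions constructed for illustration; adjust the patterns to what your own mail_logs contain.

```python
import re
from collections import namedtuple

# Constructed sample lines; the layout is an assumed mail_logs format.
SAMPLE_LOG = """\
Mon Mar 10 09:15:01 2014 Info: New SMTP ICID 4101 interface Data1 (192.0.2.10) address 10.20.30.41 reverse dns host pc41.example.local verified no
Mon Mar 10 09:15:01 2014 Info: Start MID 88001 ICID 4101
Mon Mar 10 09:15:01 2014 Info: MID 88001 ICID 4101 From: <alice@example.com>
Mon Mar 10 09:15:02 2014 Info: MID 88001 ICID 4101 RID 0 To: <bob@example.net>
Mon Mar 10 09:15:03 2014 Info: MID 88001 antivirus positive 'EICAR-AV-Test'
Mon Mar 10 09:16:10 2014 Info: New SMTP ICID 4102 interface Data1 (192.0.2.10) address 10.20.30.77 reverse dns host pc77.example.local verified no
Mon Mar 10 09:16:10 2014 Info: Start MID 88002 ICID 4102
Mon Mar 10 09:16:10 2014 Info: MID 88002 ICID 4102 From: <carol@example.com>
Mon Mar 10 09:16:11 2014 Info: MID 88002 antivirus negative
"""

ICID_RE = re.compile(r"New SMTP ICID (\d+) .*?\baddress (\S+)")
START_RE = re.compile(r"Start MID (\d+) ICID (\d+)")
FROM_RE = re.compile(r"MID (\d+) ICID \d+ From: <([^>]*)>")
AV_RE = re.compile(r"^(.*?) Info: MID (\d+) antivirus positive '([^']*)'")

Hit = namedtuple("Hit", "timestamp mid icid source_ip sender virus")


def find_virus_sources(lines):
    """Return one Hit per 'antivirus positive' line, in log order."""
    icid_ip, mid_icid, mid_from, hits = {}, {}, {}, []
    for line in lines:
        if m := ICID_RE.search(line):      # connection opened: ICID -> client IP
            icid_ip[m[1]] = m[2]
        elif m := START_RE.search(line):   # message accepted: MID -> ICID
            mid_icid[m[1]] = m[2]
        elif m := FROM_RE.search(line):    # envelope sender for the MID
            mid_from[m[1]] = m[2]
        elif m := AV_RE.search(line):
            mid = m[2]
            icid = mid_icid.get(mid)
            # source_ip stays None when the ICID line was rotated out of the
            # files supplied; feed older log files first to resolve it.
            hits.append(Hit(m[1], mid, icid, icid_ip.get(icid),
                            mid_from.get(mid), m[3]))
    return hits


if __name__ == "__main__":
    for hit in find_virus_sources(SAMPLE_LOG.splitlines()):
        print(hit)
```

Pass the lines of all copied log files in chronological order, since MID and ICID values are only meaningful relative to the lines that precede them.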