Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

Sophos X-header

I haven't seen many infected mail come through so far. So I am not sure what this header means. I assume it means that Sophos found, and cleaned Troj/VB-EDF'3'rd.


X-IronPort-AV: E=Sophos;i="4.41,333,1241409600";
v="Troj/VB-EDF'3'rd";
d="txt'?exe'96?zip'96,48?scan'96,48,96,217,208,48";a="3033987"

:?

1 REPLY
New Member

Re: Sophos X-header

Hi tbundy,

If I look at this, I suppose you are right (well, isn't that a valuable response....)

If you want to know more about this message and the actions taken by your device, you can use the findevent command on your CLI to see all loglines recorded for a specific message.
Normally the AV actions are also recorded here.

If you find your answer, please post it back. I have never looked after the loglines/headers for the AV scanner but it might be useful to know what is going on inside our little Ironport boxes :lol:

Steven

260
Views
0
Helpful
1
Replies