F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
76
When pop is used, the URL is “pop://POP user name@POP server name:port number”.
When smtp is used, the URL is “mail:destination”.
•
User
name
Displays the user name when proxy authentication is used.
“-“ is recorded if authentication is not used.
•
Hierarchy
code
Returns “[Hierarchy string]/IP address of destination”.
[Hierarchy string] is not used. “DIRECT” is always used.
•
Content-Type
Displays the Content-Type of the file to be transferred. “-“ is used when not available.
•
Detection
information
"DETECT-STAT:[Detection results]:[Virus name]:[File name]:[Quarantined file name]::"
is
returned.
Detection results
Either INFECTED (Virus detected), SPAM (Spam detected), or CLEAN (No virus
detected)
Virus name
Name of the virus
File name
Name of the file being transferred
Quarantined file
name
The name of the file as it is stored in the quarantine directory
This is set only if the quarantine of infected files is enabled.
•
Action
"ACTION:[Action]:"
is returned.
Action
Either of the following actions are returned according to the detection results:
・
NONE Nothing is done (No detection)
・
PASS Detected but passed (logged)
・
DELETE Deleted (If SMTP is used, a notification is sent to
・
the recipient after the file is deleted)
・
DENY Detected with SMTP and blocked
・
SENDBACK Notification sent to the sender with SMTP
・
BLACKHOLE Deleted with SMTP (no notification to the sender)
・
CHANGE_SUBJECT Spam detected with SMTP and the subject is
・
changed
•
Proxy
information
"PROXY-STAT:[Service type]:[Internal process ID]:[Process ID] :[IP address of
host]:[Number of processed files]:[Number of checks]:[Detection time]:[Detection details]:"
is returned.
Service type
Indicates the service type (http, smtp, pop, ftp)
Internal process ID
Indicates the internal process ID (identifier starts with 0) used for the process.
In general, smaller numbers have higher priority.
[internal process ID]+1) applies to the simultaneous number of connections during
startup of the corresponding access.
Process ID
Indicates the process ID that is used for the process
IP Address of host
Indicates the IP Address of the host
Number of
processed files
Indicates the number of requests processed in the same session. Starts with 1 and
increments by 1 for each access log generated in the same session. For POP, 1 is
always used.
Number of checks
The number of virus checks executed in one connection
(the number applies to the number of times since the last time an access log was