Message ID: 8200
Message Description: MESGID_MIME_FILETYPE_EXE_WARNING
Message Meaning: File is an executable (warning)
Type: Virus
Category: filetype-executable
Severity: Warning
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
action |
The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis |
string |
18 |
|
agent |
User agent - eg. agent="Mozilla/5.0" |
string |
1024 |
|
analyticscksum |
The checksum of the file submitted for analytics |
string |
64 |
|
analyticssubmit |
The flag for analytics submission |
string |
10 |
|
attachment |
|
string |
3 |
|
authserver |
Server used to authenticate the involved user |
string |
64 |
|
cc |
|
string |
512 |
|
checksum |
The checksum of the scanned file |
string |
16 |
|
craction |
Threat Weight action |
uint32 |
10 |
|
crlevel |
Threat Weight Level |
string |
10 |
|
crscore |
Threat Weight Score |
uint32 |
10 |
|
date |
Date |
string |
10 |
|
devid |
|
string |
16 |
|
direction |
Message/packets direction |
string |
8 |
|
dstauthserver |
|
string |
64 |
|
dstcountry |
|
string |
64 |
|
dstintf |
Destination Interface |
string |
32 |
|
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
dstip |
Destination IP Address |
ip |
39 |
|
dstport |
Destination Port |
uint16 |
5 |
|
dstuser |
|
string |
256 |
|
dstuuid |
|
string |
37 |
|
dtype |
Data type for virus category |
string |
32 |
|
eventtime |
Time when detection occured |
uint64 |
20 |
|
eventtype |
Event type of AV |
string |
32 |
|
fctuid |
Forticlient user ID |
string |
32 |
|
filename |
File name |
string |
256 |
|
forwardedfor |
|
string |
128 |
|
from |
Email address from the Email Headers (IMAP/POP3/SMTP) |
string |
128 |
|
group |
Group name (authentication) |
string |
512 |
|
httpmethod |
|
string |
20 |
|
level |
Log level |
string |
11 |
|
logid |
Log ID |
string |
10 |
|
msg |
Log message |
string |
4096 |
|
pdstport |
|
uint16 |
5 |
|
policyid |
Policy ID |
uint32 |
10 |
|
policymode |
|
string |
8 |
|
policytype |
|
string |
24 |
|
poluuid |
|
string |
37 |
|
profile |
The name of the profile that was used to detect and take action |
string |
64 |
|
proto |
Protocol number |
uint8 |
3 |
|
psrcport |
|
uint16 |
5 |
|
quarskip |
Quarantine skip explanation |
string |
46 |
|
recipient |
Email addresses from the SMTP envelope |
string |
512 |
|
referralurl |
|
string |
512 |
|
sender |
Email address from the SMTP envelope |
string |
128 |
|
service |
Proxy service which scanned this traffic |
string |
5 |
|
sessionid |
Session ID |
uint32 |
10 |
|
srccountry |
|
string |
64 |
|
srcdomain |
|
string |
255 |
|
srcintf |
Source Interface |
string |
32 |
|
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
srcip |
Source IP Address |
ip |
39 |
|
srcport |
Source Port |
uint16 |
5 |
|
srcuuid |
|
string |
37 |
|
subject |
|
string |
256 |
|
subservice |
|
string |
16 |
|
subtype |
Subtype of the virus log |
string |
20 |
|
time |
Time |
string |
8 |
|
to |
Email address(es) from the Email Headers (IMAP/POP3/SMTP) |
string |
512 |
|
trueclntip |
|
ip |
39 |
|
type |
Log type |
string |
16 |
|
tz |
Time Zone |
string |
5 |
|
unauthuser |
|
string |
66 |
|
unauthusersource |
|
string |
66 |
|
user |
Username (authentication) |
string |
256 |
|
vd |
VDOM name |
string |
32 |
|
vrf |
|
uint8 |
3 |