
FortiOS Log Message Reference

8195 - MESGID_INFECT_MIME_NOTIF


Message ID: 8195

Message Description: MESGID_INFECT_MIME_NOTIF

Message Meaning: MIME header infected and passed

Type: Virus

Category: infected

Severity: Notice

| Log Field Name | Description | Data Type | Length |
| --- | --- | --- | --- |
| vrf | | uint16 | 3 |
| virusid | Virus ID (unique virus identifier) | uint32 | 10 |
| viruscat | | string | 32 |
| virus | Virus Name | string | 128 |
| vd | VDOM name | string | 32 |
| user | Username (authentication) | string | 256 |
| url | The URL address | string | 512 |
| unauthusersource | | string | 66 |
| unauthuser | | string | 66 |
| tz | Time Zone | string | 5 |
| type | Log type | string | 16 |
| trueclntip | | ip | 39 |
| transid | | uint32 | 10 |
| to | Email address(es) from the Email Headers (IMAP/POP3/SMTP) | string | 512 |
| time | Time | string | 8 |
| subtype | Subtype of the virus log | string | 20 |
| subservice | | string | 16 |
| subject | | string | 256 |
| srcuuid | | string | 37 |
| srcport | Source Port | uint16 | 5 |
| srcname | | string | 64 |
| srcmac | | string | 17 |
| srcip | Source IP Address | ip | 39 |
| srcintfrole | Source Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| srcintf | Source Interface | string | 32 |
| srcdomain | | string | 255 |
| srccountry | | string | 64 |
| sharename | | string | 256 |
| sessionid | Session ID | uint32 | 10 |
| service | Proxy service which scanned this traffic | string | 5 |
| sender | Email address from the SMTP envelope | string | 128 |
| referralurl | | string | 512 |
| ref | The URL of the FortiGuard IPS database entry for the attack | string | 512 |
| recipient | Email addresses from the SMTP envelope | string | 512 |
| rawdata | | string | 20480 |
| quarskip | Quarantine skip explanation | string | 46 |
| psrcport | | uint16 | 5 |
| proto | Protocol number | uint8 | 3 |
| profile | The name of the profile that was used to detect and take action | string | 64 |
| poluuid | | string | 37 |
| policytype | | string | 24 |
| policymode | | string | 8 |
| policyid | Policy ID | uint32 | 10 |
| pdstport | | uint16 | 5 |
| pathname | | string | 256 |
| msg | Log message | string | 4096 |
| messageid | | string | 256 |
| logid | Log ID | string | 10 |
| level | Log level | string | 11 |
| itype | | string | 16 |
| icbverdict | | string | 5 |
| icbseverity | | string | 11 |
| icbfiletype | | string | 10 |
| icbfileid | | string | 65 |
| icbconfidence | | string | 6 |
| icbaction | | string | 7 |
| httpmethod | | string | 20 |
| group | Group name (authentication) | string | 512 |
| from | Email address from the Email Headers (IMAP/POP3/SMTP) | string | 128 |
| forwardedfor | | string | 128 |
| filetype | File type | string | 16 |
| filename | File name | string | 256 |
| filehashsrc | Used by Outbreak Prevention External Hash: external source that provided the hash signature | string | 32 |
| filehash | Used by Outbreak Prevention External Hash: the hash signature used in the detection | string | 64 |
| fctuid | FortiClient user ID | string | 32 |
| eventtype | Event type of AV | string | 32 |
| eventtime | Time when detection occurred | uint64 | 20 |
| dtype | Data type for virus category | string | 32 |
| dstuuid | | string | 37 |
| dstuser | | string | 256 |
| dstport | Destination Port | uint16 | 5 |
| dstip | Destination IP Address | ip | 39 |
| dstintfrole | Destination Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| dstintf | Destination Interface | string | 32 |
| dstcountry | | string | 64 |
| dstauthserver | | string | 64 |
| direction | Message/packets direction | string | 8 |
| devid | | string | 16 |
| date | Date | string | 10 |
| crscore | Threat Weight Score | uint32 | 10 |
| crlevel | Threat Weight Level | string | 10 |
| craction | Threat Weight action | uint32 | 10 |
| contentdisarmed | Content Disarm action, e.g. disarmed, detected | string | 13 |
| checksum | The checksum of the scanned file | string | 16 |
| cdrcontent | | string | 256 |
| cc | | string | 512 |
| authserver | Server used to authenticate the involved user | string | 64 |
| attachment | | string | 3 |
| analyticssubmit | The flag for analytics submission | string | 10 |
| analyticscksum | The checksum of the file submitted for analytics | string | 64 |
| agent | User agent, e.g. agent="Mozilla/5.0" | string | 1024 |
| action | The status of the session: blocked - Blocked infected file by AV engine; passthrough - Allowed by AV engine; monitored - Log, but do NOT block infected file; analytics - Submitted to Sandbox for analysis | string | 18 |
