This chapter contains information regarding antivirus log messages, including an example of an antivirus log message.
Antivirus log messages have a subtype called “infected”. Antivirus log messages inform you of viruses detected by your FortiMail unit.
Antivirus uses a dynamic error reporting scheme, so a definitive list of the log messages that you may encounter cannot be provided. Errors are logged in a format similar to the following example.
You can cross-search an antivirus log message to get more information about it. For more information about log message cross search, see Log message cross search.
If you send the FortiMail log messages to a remote Syslog server (including FortiAnalyzer), an antivirus log would look like the following and the log fields would appear in the following order:
date=2012-07-24 time=17:07:42 device_id=FE100C3909600504 log_id=0100000924 type=virus subtype=infected pri=information from="email@example.com" to="firstname.lastname@example.org" src=172.20.140.94 session_id="q6OL7fsQ018870-q6OL7fsR018870" msg="The file inline-16-69.dat is infected with EICAR_TEST_FILE."
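The following parser is an added example, not part of the FortiMail documentation: it splits a syslog-format antivirus line like the one above into fields and extracts the file and virus names from `msg`. The function names (`parse_line`, `infected_event`) are hypothetical, and the `msg` pattern assumes the wording of the sample; because the message list is not definitive, a `msg` that does not match is kept verbatim with `file` and `virus` left empty.

```python
import re
from datetime import datetime

# Sample line taken from the syslog example on this page.
SAMPLE = ('date=2012-07-24 time=17:07:42 device_id=FE100C3909600504 '
          'log_id=0100000924 type=virus subtype=infected pri=information '
          'from="email@example.com" to="firstname.lastname@example.org" '
          'src=172.20.140.94 session_id="q6OL7fsQ018870-q6OL7fsR018870" '
          'msg="The file inline-16-69.dat is infected with EICAR_TEST_FILE."')

# A value is either double-quoted (may contain spaces) or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Assumption: msg wording as in the sample; other wordings fall through.
MSG_RE = re.compile(r"^The file (?P<file>.+) is infected with (?P<virus>.+?)\.?$")


def parse_line(line):
    """Split one log line into a dict of field name -> value (quotes removed)."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        key, quoted, bare = m.groups()
        # Keep the first occurrence so a later duplicate key cannot overwrite it.
        fields.setdefault(key, quoted if quoted is not None else bare)
    return fields


def infected_event(line):
    """Return a normalized record for type=virus/subtype=infected, else None."""
    f = parse_line(line)
    if f.get("type") != "virus" or f.get("subtype") != "infected":
        return None
    m = MSG_RE.match(f.get("msg", ""))
    return {
        "timestamp": datetime.strptime(f"{f['date']} {f['time']}",
                                       "%Y-%m-%d %H:%M:%S"),
        "log_id": f.get("log_id"),
        "sender": f.get("from"),
        "recipient": f.get("to"),
        "src": f.get("src"),
        "session_id": f.get("session_id"),
        "file": m.group("file") if m else None,
        "virus": m.group("virus") if m else None,
        "msg": f.get("msg"),  # always retained for unmatched wordings
    }


if __name__ == "__main__":
    print(infected_event(SAMPLE))
```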