Classifier
The classifier field is in every FortiMail log message where type=statistics.
The field indicates which FortiMail features scanned the email and resulted in actions that were recorded in the disposition field.
If you view the log messages on the FortiMail GUI or send the logs to a FortiAnalyzer, then dispositions and classifiers are displayed as a description such as Fragmented Email. Raw log files, however, display them as hexadecimal numbers.
The following tables correlate the hexadecimal numbers with their description in English.
|
Hex. Number |
Classifier |
Hex. Number |
Classifier |
|---|---|---|---|
|
0x00 |
Undefined |
0x2A |
Message Cryptography |
|
0x01 |
User Safe |
0x2B |
Delivery Control |
|
0x02 |
User Discard |
0x2C |
Encrypted Content |
|
0x03 |
System Safe |
0x2D |
SPF Failure as Spam |
|
0x04 |
System Discard |
0x2E |
Fragmented Email |
|
0x05 |
RBL |
0x2F |
Email Contains Image |
|
0x06 |
SURBL |
0x30 |
Content Requires Encryption |
|
0x07 |
FortiGuard AntiSpam |
0x31 |
FortiGuard AntiSpam Black IP |
|
0x08 |
FortiGuard AntiSpam-Safe |
0x32 |
Session Remote |
|
0x09 |
Bayesian |
0x33 |
FortiGuard Phishing |
|
0x0A |
Heuristic |
0x34 |
AntiVirus |
|
0x0B |
Dictionary Scanner |
0x35 |
Sender Address Rate Control |
|
0x0C |
Banned Word |
0x36 |
SMTP Auth Failure |
|
0x0D |
Deep Header |
0x37 |
Access Control List Reject |
|
0x0E |
Forged IP (before FortiMail 5.2) |
0x38 |
Access Control List Discard |
|
0x0F |
Quarantine Control |
0x39 |
Access Control List Bypass |
|
0x10 |
Tagged virus (before FortiMail 4.3) |
0x3A |
FortiGuard Antispam Webfilter |
|
0x11 |
Attachment Filter If this classifier exists, then the |
0x3B |
Newsletter Suspicious |
|
0x12 |
Grey List |
0x3C |
TLS Streaming |
|
0x13 |
Bypass Scan On Auth |
0x3D |
Policy Match |
|
0x14 |
Disclaimer |
0x3E |
Dynamic Safe List |
|
0x15 |
Defer Delivery |
0x3F |
Sender Verification |
|
0x16 |
Session Domain |
0x40 |
Behavior Analysis |
|
0x17 |
Session Limits |
0x41 |
FortiGuard Spam Outbreak |
|
0x18 |
Session Safe |
0x42 |
Newsletter |
|
0x19 |
Session Block |
0x43 |
DMARC |
|
0x1A |
Content Monitor and Filter |
0x44 |
File Signature |
|
0x1B |
Content Monitor as Spam |
0x45 |
Sandbox |
|
0x1C |
Attachment as Spam |
0x46 |
Malware Outbreak |
|
0x1D |
Image Spam |
0x47 |
DLP Filter |
|
0x1E |
Sender Reputation |
0x48 |
DLP Treated as Spam |
|
0x1F |
Access Control List Relay Denied |
0x49 |
DLP Requires Encryption |
|
0x20 |
Safelist Word |
0x4A |
Access Control List Safe |
|
0x21 |
Domain Safe |
0x4B |
Virus Outbreak |
|
0x22 |
Domain Block |
0x4C |
FortiGuard Antispam Webfilter |
|
0x23 |
SPF (not in use) |
0x4D |
Impersonation Analysis |
|
0x24 |
Domain Key (not in use) |
0x4E |
Session Action |
|
0x25 |
DKIM (not in use) |
0x4F |
SPF Sender Alignment |
|
0x26 |
Recipient Verification |
0x50 |
SPF Check |
|
0x27 |
Bounce Verification |
0x51 |
Sandbox URL |
|
0x28 |
Endpoint Reputation |
0x52 |
Sandbox No Result |
|
0x29 |
SSL Profile Check |
0x53 |
Content Modification |
|
|
|
0x54 |
DKIM Failure |