8979 - MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING
Message ID: 8979
Message Description: MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING
Message Meaning: Archive scan timeout (warning)
Type: AV
Category: SCANERROR
Severity: Warning
Log Field Name |
Description |
Data Type |
Length |
---|---|---|---|
action |
The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis |
string |
17 |
agent |
User agent - eg. agent="Mozilla/5.0" |
string |
64 |
analyticscksum |
The checksum of the file submitted for analytics |
string |
64 |
analyticssubmit |
The flag for analytics submission |
string |
10 |
attachment |
string |
3 |
|
authserver |
Server used to authenticate the involved user |
string |
64 |
cc |
string |
512 |
|
cdrcontent |
string |
256 |
|
checksum |
The checksum of the scanned file |
string |
16 |
contentdisarmed |
Content Disarm action- eg. disarmed, detected |
string |
13 |
craction |
Threat Weight action |
uint32 |
10 |
crlevel |
Threat Weight Level |
string |
10 |
crscore |
Threat Weight Score |
uint32 |
10 |
date |
Date |
string |
10 |
devid |
string |
16 |
|
direction |
Message/packets direction |
string |
8 |
dstintf |
Destination Interface |
string |
32 |
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
dstip |
Destination IP Address |
ip |
39 |
dstport |
Destination Port |
uint16 |
5 |
dtype |
Data type for virus category |
string |
32 |
eventtime |
Time when detection occured |
uint64 |
20 |
eventtype |
Event type of AV |
string |
32 |
fctuid |
Forticlient user ID |
string |
32 |
filehash |
Used by Outbreak Prevention External Hash: the hash signature used in the detection |
string |
64 |
filehashsrc |
Used by Outbreak Prevention External Hash: external source that provided the hash signature |
string |
32 |
filename |
File name |
string |
256 |
filetype |
File type |
string |
16 |
forwardedfor |
string |
128 |
|
from |
Email address from the Email Headers (IMAP/POP3/SMTP) |
string |
128 |
group |
Group name (authentication) |
string |
64 |
level |
Log level |
string |
11 |
logid |
Log ID |
string |
10 |
msg |
Log message |
string |
4096 |
policyid |
Policy ID |
uint32 |
10 |
profile |
The name of the profile that was used to detect and take action |
string |
64 |
proto |
Protocol number |
uint8 |
3 |
quarskip |
Quarantine skip explanation |
string |
46 |
rawdata |
string |
1024 |
|
recipient |
Email addresses from the SMTP envelope |
string |
512 |
ref |
The URL of the FortiGuard IPS database entry for the attack |
string |
512 |
sender |
Email address from the SMTP envelope |
string |
128 |
service |
Proxy service which scanned this traffic |
string |
5 |
sessionid |
Session ID |
uint32 |
10 |
srcdomain |
string |
255 |
|
srcintf |
Source Interface |
string |
32 |
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
srcip |
Source IP Address |
ip |
39 |
srcport |
Source Port |
uint16 |
5 |
subject |
string |
256 |
|
subservice |
string |
16 |
|
subtype |
Subtype of the virus log |
string |
20 |
time |
Time |
string |
8 |
to |
Email address(es) from the Email Headers (IMAP/POP3/SMTP) |
string |
512 |
trueclntip |
ip |
39 |
|
type |
Log type |
string |
16 |
tz |
Time Zone |
string |
5 |
unauthuser |
string |
66 |
|
unauthusersource |
string |
66 |
|
url |
The URL address |
string |
512 |
user |
Username (authentication) |
string |
256 |
vd |
VDOM name |
string |
32 |
virus |
Virus Name |
string |
128 |
virusid |
Virus ID (unique virus identifier) |
uint32 |
10 |
vrf |
uint8 |
3 |