8200 - MESGID_MIME_FILETYPE_EXE_WARNING
Message ID: 8200
Message Description: MESGID_MIME_FILETYPE_EXE_WARNING
Message Meaning: File is an executable (warning)
Type: Virus
Category: filetype-executable
Severity: Warning
Log Field Name |
Description |
Data Type |
Length |
---|---|---|---|
action |
The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis |
string |
18 |
agent |
User agent - eg. agent="Mozilla/5.0" |
string |
1024 |
analyticscksum |
The checksum of the file submitted for analytics |
string |
64 |
analyticssubmit |
The flag for analytics submission |
string |
10 |
attachment |
|
string |
3 |
authserver |
Server used to authenticate the involved user |
string |
64 |
cc |
|
string |
512 |
checksum |
The checksum of the scanned file |
string |
16 |
craction |
Threat Weight action |
uint32 |
10 |
crlevel |
Threat Weight Level |
string |
10 |
crscore |
Threat Weight Score |
uint32 |
10 |
date |
Date |
string |
10 |
devid |
|
string |
16 |
direction |
Message/packets direction |
string |
8 |
dstauthserver |
|
string |
64 |
dstcountry |
|
string |
64 |
dstintf |
Destination Interface |
string |
32 |
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
dstip |
Destination IP Address |
ip |
39 |
dstport |
Destination Port |
uint16 |
5 |
dstuser |
|
string |
256 |
dstuuid |
|
string |
37 |
dtype |
Data type for virus category |
string |
32 |
eventtime |
Time when detection occured |
uint64 |
20 |
eventtype |
Event type of AV |
string |
32 |
fctuid |
Forticlient user ID |
string |
32 |
filename |
File name |
string |
256 |
forwardedfor |
|
string |
128 |
from |
Email address from the Email Headers (IMAP/POP3/SMTP) |
string |
128 |
group |
Group name (authentication) |
string |
512 |
httpmethod |
|
string |
20 |
level |
Log level |
string |
11 |
logid |
Log ID |
string |
10 |
messageid |
|
string |
256 |
msg |
Log message |
string |
4096 |
pdstport |
|
uint16 |
5 |
policyid |
Policy ID |
uint32 |
10 |
policymode |
|
string |
8 |
policytype |
|
string |
24 |
poluuid |
|
string |
37 |
profile |
The name of the profile that was used to detect and take action |
string |
64 |
proto |
Protocol number |
uint8 |
3 |
psrcport |
|
uint16 |
5 |
quarskip |
Quarantine skip explanation |
string |
46 |
recipient |
Email addresses from the SMTP envelope |
string |
512 |
referralurl |
|
string |
512 |
sender |
Email address from the SMTP envelope |
string |
128 |
service |
Proxy service which scanned this traffic |
string |
5 |
sessionid |
Session ID |
uint32 |
10 |
srccountry |
|
string |
64 |
srcdomain |
|
string |
255 |
srcintf |
Source Interface |
string |
32 |
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
srcip |
Source IP Address |
ip |
39 |
srcmac |
|
string |
17 |
srcname |
|
string |
64 |
srcport |
Source Port |
uint16 |
5 |
srcuuid |
|
string |
37 |
subject |
|
string |
256 |
subservice |
|
string |
16 |
subtype |
Subtype of the virus log |
string |
20 |
time |
Time |
string |
8 |
to |
Email address(es) from the Email Headers (IMAP/POP3/SMTP) |
string |
512 |
transid |
|
uint32 |
10 |
trueclntip |
|
ip |
39 |
type |
Log type |
string |
16 |
tz |
Time Zone |
string |
5 |
unauthuser |
|
string |
66 |
unauthusersource |
|
string |
66 |
user |
Username (authentication) |
string |
256 |
vd |
VDOM name |
string |
32 |
vrf |
|
uint8 |
3 |