Codes of Anti-Virus module settings

If logging of audit events and modified settings is enabled in Event Log settings, when settings of the Anti-Virus module are edited in the rule, detailed information about the changes is recorded in an Audit Log event.

The following tables show how the settings of the Anti-Virus module are coded in an Audit Log record.

Codes of settings from the Anti-Virus → Infected file section in the audit event record

Setting of the Anti-Virus module → Infected file

Code in the audit event record

Examples

Anti-Virus switch in the left pane

scanSettings.avScanSettings.
engineSettings.
enableScan

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Rule created:

scanSettings.avScanSettings.engineSettings.
enableScan[][false]

scanSettings.avScanSettings.infectedFirstAction
[][Skip]

scanSettings.avScanSettings.infectedSecondAction
[][Reject]

scanSettings.avScanSettings.backupInfected
[][false]

scanSettings.avScanSettings.infectedMark[]
[%5BInfected%5D]

scanSettings.avScanSettings.disinfectedMark[]
[%5BCured%5D]

Rule modified:

scanSettings.avScanSettings.engineSettings.
enableScan[false]
[true]

scanSettings.avScanSettings.infectedFirstAction
[Skip][Cure]

scanSettings.avScanSettings.infectedSecondAction
[Reject]
[DeleteAttachment]

scanSettings.avScanSettings.backupInfected[false]
[true]

scanSettings.avScanSettings.infectedMark
[%5BInfected%5D][%5BAV DETECT%5D]

scanSettings.avScanSettings.disinfectedMark
[%5BCured%5D][%5BDisinfected%5D]

Rule deleted:

scanSettings.avScanSettings.engineSettings.
enableScan[true][]

scanSettings.avScanSettings.infectedFirstAction
[Cure][]

scanSettings.avScanSettings.infectedSecondAction
[DeleteAttachment][]

scanSettings.avScanSettings.backupInfected[true][]

scanSettings.avScanSettings.infectedMark
[%5BAV DETECT%5D][]

scanSettings.avScanSettings.disinfectedMark
[%5BDisinfected%5D]

[]

Action

scanSettings.avScanSettings.
infectedFirstAction

Possible values:

  • Skip if the Skip action is selected.
  • Cure if the Disinfect action is selected.
  • DeleteAttachment if the Delete attachment action is selected.
  • Reject if the Reject action is selected.
  • DeleteMessage if the Delete message action is selected.

If disinfection fails

scanSettings.avScanSettings.
infectedSecondAction

Possible values:

  • DeleteAttachment if the Delete attachment action is selected.
  • Reject if the Reject action is selected.
  • DeleteMessage if the Delete message action is selected.

Place original message in Backup

scanSettings.avScanSettings.
backupInfected

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Text to add to subject of infected message

scanSettings.avScanSettings.
infectedMark

Text to add to subject of disinfected message

scanSettings.avScanSettings.
disinfectedMark

Codes of settings from the Anti-Virus → Scan error section in the audit event record

Setting of the Anti-Virus module → Scan error

Code in the audit event record

Examples

Action

scanSettings.avScanSettings.
errorAction

Possible values:

  • Skip if the Skip action is selected.
  • DeleteAttachment if the Delete attachment action is selected.
  • Reject if the Reject action is selected.
  • DeleteMessage if the Delete message action is selected.

Rule created:

scanSettings.avScanSettings.errorAction[][Skip]

scanSettings.avScanSettings.backupError[][true]

scanSettings.avScanSettings.errorMark[]
[%5BERROR%5D]

Rule modified:

scanSettings.avScanSettings.errorAction[Skip]
[DeleteAttachment]

scanSettings.avScanSettings.backupError[true][
false]

scanSettings.avScanSettings.errorMark[%5BERROR%5D]
[%5BAV ERROR%5D]

Rule deleted:

scanSettings.avScanSettings.errorAction
[DeleteAttachment][]

scanSettings.avScanSettings.backupError

[false][]

scanSettings.avScanSettings.errorMark
[%5BAV ERROR%5D][]

Place original message in Backup

scanSettings.avScanSettings.
backupError

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Text to add to message subject

scanSettings.avScanSettings.
errorMark

Codes of settings from the Anti-Virus → Encrypted object section in the audit event record

Setting of the Anti-Virus module → Encrypted object

Code in the audit event record

Examples

Action

scanSettings.avScanSettings.
encryptedAction

Possible values:

  • Skip if the Skip action is selected.
  • DeleteAttachment if the Delete attachment action is selected.
  • Reject if the Reject action is selected.
  • DeleteMessage if the Delete message action is selected.

Rule created:

scanSettings.avScanSettings.encryptedAction
[][Skip]

scanSettings.avScanSettings.backupEncrypted
[][true]

scanSettings.avScanSettings.encryptedMark[]
[%5BEncrypted%5D]

Rule modified:

scanSettings.avScanSettings.encryptedAction
[Skip][DeleteAttachment]

scanSettings.avScanSettings.backupEncrypted
[true][false]

scanSettings.avScanSettings.encryptedMark
[%5BEncrypted%5D][%5BAV Encrypted%5D]

Rule deleted:

scanSettings.avScanSettings.encryptedAction
[DeleteAttachment]
[]

scanSettings.avScanSettings.backupEncrypted
[false][]

scanSettings.avScanSettings.encryptedMark
[%5BAV Encrypted%5D][]

Place original message in Backup

scanSettings.avScanSettings.
backupEncrypted

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Text to add to message subject

scanSettings.avScanSettings.
encryptedMark

Codes of settings from the Anti-Virus → Macro section in the audit event record

Setting of the Anti-Virus module → Macro

Code in the audit event record

Examples

Process attachments with macros

scanSettings.avScanSettings.
engineSettings.detectDocWithMacro

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Rule created:

scanSettings.avScanSettings.engineSettings.
detectDocWithMacro
[][false]

scanSettings.avScanSettings.docWithMacroAction
[][Skip]

scanSettings.avScanSettings.backupDocWithMacro
[][true]

scanSettings.avScanSettings.docWithMacroMark
[][%5BMacro%5D]

Rule modified:

scanSettings.avScanSettings.engineSettings.
detectDocWithMacro[false][true]

scanSettings.avScanSettings.docWithMacroAction
[Skip][DeleteAttachment]

scanSettings.avScanSettings.backupDocWithMacro
[true][false]

scanSettings.avScanSettings.docWithMacroMark
[%5BMacro%5D]%5BDocument with macro%5D]

Rule deleted:

scanSettings.avScanSettings.engineSettings.
detectDocWithMacro
[true][]

scanSettings.avScanSettings.docWithMacroAction
[DeleteAttachment][]

scanSettings.avScanSettings.backupDocWithMacro
[false][]

scanSettings.avScanSettings.docWithMacroMark
[%5BDocument with macro%5D][]

Action

scanSettings.avScanSettings.
docWithMacroAction

Possible values:

  • Skip if the Skip action is selected.
  • DeleteAttachment if the Delete attachment action is selected.
  • Reject if the Reject action is selected.
  • DeleteMessage if the Delete message action is selected.

Place original message in Backup

scanSettings.avScanSettings.
backupDocWithMacro

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Text to add to message subject

scanSettings.avScanSettings.
docWithMacroMark

Codes of settings from the Anti-Virus → Exclusions section in the audit event record

Setting of the Anti-Virus module → Exclusions

Code in the audit event record

Examples

Do not scan archives

scanSettings.avScanSettings.engineSettings.
scanArchived

Possible values:

  • true if the toggle switch is On.
  • false if the toggle switch is Off.

Rule created:

scanSettings.avScanSettings.engineSettings.
scanArchived[][true]

scanSettings.avScanSettings.engineSettings.
excludedNames.Added[%2Adoc, %2Apdf]

Rule modified:

scanSettings.avScanSettings.engineSettings.
scanArchived[true][false]

scanSettings.avScanSettings.engineSettings.
excludedNames.Added[%2Axls]

scanSettings.avScanSettings.engineSettings.
excludedNames.Removed[%2Adoc]

Rule deleted:

scanSettings.avScanSettings.engineSettings.
scanArchived[false][]

scanSettings.avScanSettings.engineSettings.
excludedNames.Removed[%2Axls %2Apdf]

Do not scan attachments by name masks

scanSettings.avScanSettings.engineSettings.
excludedNames

Page top