Message ID: 8961
Message Description: MESGID_SCAN_UNCOMPSIZELIMIT_NOTIF
Message Meaning: File reached the uncompressed size limit
Type: Virus
Category: scanerror
Severity: Notice
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
action |
The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis |
string |
18 |
|
agent |
User agent - eg. agent="Mozilla/5.0" |
string |
1024 |
|
analyticscksum |
The checksum of the file submitted for analytics |
string |
64 |
|
analyticssubmit |
The flag for analytics submission |
string |
10 |
|
attachment |
|
string |
3 |
|
authserver |
Server used to authenticate the involved user |
string |
64 |
|
cc |
|
string |
512 |
|
cdrcontent |
|
string |
256 |
|
checksum |
The checksum of the scanned file |
string |
16 |
|
contentdisarmed |
Content Disarm action- eg. disarmed, detected |
string |
13 |
|
craction |
Threat Weight action |
uint32 |
10 |
|
crlevel |
Threat Weight Level |
string |
10 |
|
crscore |
Threat Weight Score |
uint32 |
10 |
|
date |
Date |
string |
10 |
|
devid |
|
string |
16 |
|
direction |
Message/packets direction |
string |
8 |
|
dstauthserver |
|
string |
64 |
|
dstcountry |
|
string |
64 |
|
dstintf |
Destination Interface |
string |
32 |
|
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
dstip |
Destination IP Address |
ip |
39 |
|
dstport |
Destination Port |
uint16 |
5 |
|
dstuser |
|
string |
256 |
|
dstuuid |
|
string |
37 |
|
dtype |
Data type for virus category |
string |
32 |
|
eventtime |
Time when detection occured |
uint64 |
20 |
|
eventtype |
Event type of AV |
string |
32 |
|
fctuid |
Forticlient user ID |
string |
32 |
|
filehash |
Used by Outbreak Prevention External Hash: the hash signature used in the detection |
string |
64 |
|
filehashsrc |
Used by Outbreak Prevention External Hash: external source that provided the hash signature |
string |
32 |
|
filename |
File name |
string |
256 |
|
filetype |
File type |
string |
16 |
|
fndraction |
|
string |
7 |
|
fndrconfidence |
|
string |
6 |
|
fndrfileid |
|
uint64 |
20 |
|
fndrfiletype |
|
string |
10 |
|
fndrseverity |
|
string |
8 |
|
fndrverdict |
|
string |
5 |
|
forwardedfor |
|
string |
128 |
|
from |
Email address from the Email Headers (IMAP/POP3/SMTP) |
string |
128 |
|
fsaaction |
|
string |
7 |
|
fsafileid |
|
uint64 |
20 |
|
fsafiletype |
|
string |
10 |
|
fsaseverity |
|
string |
11 |
|
fsaverdict |
|
string |
32 |
|
group |
Group name (authentication) |
string |
512 |
|
httpmethod |
|
string |
20 |
|
level |
Log level |
string |
11 |
|
logid |
Log ID |
string |
10 |
|
msg |
Log message |
string |
4096 |
|
pathname |
|
string |
256 |
|
pdstport |
|
uint16 |
5 |
|
policyid |
Policy ID |
uint32 |
10 |
|
policymode |
|
string |
8 |
|
policytype |
|
string |
24 |
|
poluuid |
|
string |
37 |
|
profile |
The name of the profile that was used to detect and take action |
string |
64 |
|
proto |
Protocol number |
uint8 |
3 |
|
psrcport |
|
uint16 |
5 |
|
quarskip |
Quarantine skip explanation |
string |
46 |
|
rawdata |