Guest

Preview Tool

Cisco Bug: CSCun15506 - [Feature Request] Consistent "Virus count" across Reports

Last Modified

Sep 14, 2020

Products (1)

  • Cisco Content Security Management Appliance

Known Affected Releases

10.1.0-037 8.1.1-013

Description (partial)

Symptom:
Inconsistent Virus Reporting across reports

Customer perception: "appliances are failing to report "Virus Detected" statistics in their Incoming Email Summary data."


+Report: Monitor>Overview>Incoming Mail Summary:Virus Detected

Virus Detected Shows: 0

+Report: Monitor>Virus Types: Virus Detected

Virus Type report for the same period as the Overview detailing that multiple[le viruses were processed and blocked..

"Total infected Messages" = 80+ (displayed by virus type)

Conditions:
Online Help File (Categorizing Email Messages on the Overview Page) on the "Virus Messages Detected" Row shows: 
"The total count and percentage of message detected as virus positive and not also spam."

The key point is contained in this sentence:  ?The total count and percentage of message detected as virus positive and not also spam.? (Emphasis is mine.)

Based upon a closer examination of the IronPort modified Subject lines in the Virus Quarantine (when sorted by Subject), I would agree that it appears this algorithm is the one responsible for the perceived discrepancy.

From that viewpoint, I now believe that the Overview, Incoming Mail Details, and other related reporting sections are functioning correctly as designed.

That being said, I cannot say that I am completely happy with the design.

Related Community Discussions

ESA Virus Detected Overview vs Virus Types
Hi all,   I'm having some problems in interpreting the monitor statistics for incoming emails with matching virus, I have receive an email from a sender that was detected as suspected spam(srbs -1.9) and that a virus was detected on the email but the statistics overview report 0 virus detected and the virus types detect 2 virus types   monitor overview in attach file #1 monitor virus type in attach file #2 Does any one know if this is the right behavior ? Thanks Patcbr600    
Latest activity: Mar 09, 2017
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.