ESA Error: Retrospective verdict received

Hi,

I often get the following alert message from our ESA.

How can I check which email is affected, or what does the error message exactly mean? Thanks for your help.

Kind regards

Herbert

Message:

The Info message is:

 

Retrospective verdict received. SHA256: 48e556de275d4917be7556a337ae390e4eb3133fc2c7fcbd3e32ce2304e81efb, Verdict: malicious, Reputation Score: 0, Spyname: W32.Auto.48e556.MASH.SR.SBX.VIOC

 

Version: 9.1.0-032

Serial Number: 4222DBC341F4D7E4D812-A8A488F3B03D

Timestamp: 23 May 2016 15:27:47 +0200

 

To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert.  Please click the Knowledge Base link after logging into our Support Portal at:

Raed Boshmaf
Cisco Employee

Hi Herbert,

You have received this message because most likely you have configured your appliance to send "Anti-Virus and AMP" alerts at Info level.

You can review your configuration from the web UI (GUI) > System Administration > Alerts.

Informational alerts are generated in the routine functioning of this device. That said, the message you received simply indicates that AMP is working as expected and classified an email with Verdict: malicious.

So everything is running fine, it's just an informational Alert. 

Regards

Raed

Do you know if there is an easy way to track who would have received the message that now contains the malicious attachment?

Nirender

Grab the SHA and go to message tracking. There's a field you can paste it in under Advanced.
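An added example, not part of the original thread and not Cisco code: a small Python parser for the alert body quoted in the question, which collects the SHA256 values with a malicious verdict so they can be pasted into message tracking. The function names and the extra sample alerts (including the `clean` verdict value) are made up for illustration, and the field layout is assumed to match the alert shown in the question.

```python
import re
from datetime import datetime

# Field layout copied from the alert body quoted in the question.
ALERT_RE = re.compile(
    r"Retrospective verdict received\.\s*SHA256:\s*(?P<sha256>\w+),\s*"
    r"Verdict:\s*(?P<verdict>[^,]+?),\s*Reputation Score:\s*(?P<score>-?\d+),\s*"
    r"Spyname:\s*(?P<spyname>\S+)")
TS_RE = re.compile(r"^Timestamp:\s*(\d{1,2} \w{3} \d{4} [\d:]{8} [+-]\d{4})\s*$", re.M)
SHA256_RE = re.compile(r"[0-9a-f]{64}")

def parse_alert(body):
    """Return the alert fields as a dict, or None if the body is not a
    well-formed retrospective-verdict alert."""
    m = ALERT_RE.search(body)
    if m is None:
        return None
    sha = m["sha256"].lower()
    if not SHA256_RE.fullmatch(sha):  # truncated or mangled in transit
        return None
    ts = TS_RE.search(body)
    return {
        "sha256": sha,
        "verdict": m["verdict"].strip().lower(),
        "score": int(m["score"]),
        "spyname": m["spyname"],
        "timestamp": datetime.strptime(ts[1], "%d %b %Y %H:%M:%S %z") if ts else None,
    }

def hashes_to_track(bodies):
    """Unique SHA-256 values with a malicious verdict, in first-seen order."""
    seen = {}
    for body in bodies:
        alert = parse_alert(body)
        if alert and alert["verdict"] == "malicious":
            seen.setdefault(alert["sha256"], alert)
    return list(seen)

# Sample input: PAGE_ALERT is the alert quoted in the question; the other
# bodies are constructed (truncated hash, made-up hash with a "clean" verdict).
PAGE_ALERT = ("The Info message is:\n\nRetrospective verdict received. SHA256: "
    "48e556de275d4917be7556a337ae390e4eb3133fc2c7fcbd3e32ce2304e81efb"
    ", Verdict: malicious, Reputation Score: 0, Spyname: "
    "W32.Auto.48e556.MASH.SR.SBX.VIOC\n\nTimestamp: 23 May 2016 15:27:47 +0200\n")
TRUNCATED = PAGE_ALERT.replace("e81efb", "")
CLEAN = PAGE_ALERT.replace("48e556de", "00000000").replace("malicious", "clean")
SAMPLES = [PAGE_ALERT, TRUNCATED, CLEAN, PAGE_ALERT]

if __name__ == "__main__":
    for sha in hashes_to_track(SAMPLES):
        print(sha)
```
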