
ESA Virus Detected Overview vs Virus Types

patcbr600
Level 1

Hi all,

 

I'm having some problems interpreting the monitor statistics for incoming emails with a matching virus. I have received an email from a sender that was detected as suspected spam (SBRS -1.9), and a virus was detected in the email, but the statistics overview reports 0 viruses detected while the virus types report shows 2 virus types.

 

Monitor overview in attached file #1

Monitor virus types in attached file #2

Does anyone know if this is the right behavior?

Thanks

Patcbr600

 

 


Libin Varghese
Cisco Employee

Hi,

I suspect the scenario matches the design explained in the below feature request.

[Feature Request] Consistent "Virus count" across Reports

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun15506/?reffering_site=dumpcr

Based on this, it appears to be the right behavior based on the current algorithms that calculate the counts.

The discrepancy is explained by the way messages are categorized in reporting. The Overview page does not double-count messages that have already been determined as spam. Messages traversing the processing pipeline are scanned by the anti-spam engine first. If the verdict is suspect or positive, the counter for 'Spam Detected' is incremented, and the counter for 'Virus Detected' will not be, even if they contain a virus. If a virus is found, it can be viewed separately in the Virus Types report.

Thank You!

Libin Varghese

Hi,

I was reading the user guide and found the following explanation:

Virus Messages Detected: The total count and percentage of messages detected as virus positive and not also spam.

This means that if an email is categorized in the spam engine, it will not appear in the overview virus messages, only in the virus types.

The email that I received was categorized as suspected.

Thanks

Patcbr600

That is correct.

An email marked as suspect or positive spam currently increments the spam detected counter and does not get double counted for the virus detected counter.

- Libin V

I am surprised that over two years later, this still hasn't been fixed. This needs to be addressed!
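The counting rule described in the replies above can be modelled in a few lines. This is an added example, not Cisco code or part of the original thread: the field names, verdict strings and sample messages are constructed, and it assumes a message carrying two viruses is listed under both names in the Virus Types view.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed model of the rule described in this thread.
# Names and verdict strings are assumptions, not AsyncOS identifiers.
SPAM_VERDICTS = ("suspect", "positive")

@dataclass
class Message:
    mid: int
    spam_verdict: str                            # "clean", "suspect" or "positive"
    viruses: list = field(default_factory=list)  # names reported by the AV engine

def overview_counts(messages):
    """Overview view: one category per message, anti-spam evaluated first."""
    counts = Counter()
    for m in messages:
        if m.spam_verdict in SPAM_VERDICTS:
            counts["spam_detected"] += 1         # virus counter is skipped
        elif m.viruses:
            counts["virus_detected"] += 1
        else:
            counts["clean"] += 1
    return counts

def virus_types(messages):
    """Virus Types view: every AV hit is listed, whatever the spam verdict."""
    counts = Counter()
    for m in messages:
        counts.update(set(m.viruses))
    return counts

def hidden_from_overview(messages):
    """IDs of virus-positive messages that the Overview counts only as spam."""
    return [m.mid for m in messages
            if m.viruses and m.spam_verdict in SPAM_VERDICTS]

# Constructed sample: one suspected-spam message carrying two virus types,
# as in the original question, plus one clean message.
SAMPLE = [
    Message(1, "suspect", ["Constructed.Virus.A", "Constructed.Virus.B"]),
    Message(2, "clean"),
]

if __name__ == "__main__":
    print("Overview:", dict(overview_counts(SAMPLE)))
    print("Virus Types:", dict(virus_types(SAMPLE)))
    print("Virus positive but counted as spam:", hidden_from_overview(SAMPLE))
```

When reconciling the two reports, the list returned by `hidden_from_overview` is the set of messages that explains the gap.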
