03-09-2017 01:22 AM
Hi all,
I'm having some problems in interpreting the monitor statistics for incoming emails with matching virus, I have receive an email from a sender that was detected as suspected spam(srbs -1.9) and that a virus was detected on the email but the statistics overview report 0 virus detected and the virus types detect 2 virus types
monitor overview in attach file #1
monitor virus type in attach file #2
Does any one know if this is the right behavior ?
Thanks
Patcbr600
03-09-2017 05:57 AM
Hi,
I suspect the scenario matches the design explained in the below feature request.
[Feature Request] Consistent "Virus count" across Reports
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun15506/?reffering_site=dumpcr
Based on this appears it appears to be the right behavior based on the current algorithms that calculate the counts.
The discrepancy is explained by the way messages are categorized in reporting. The Overview page does not double-count messages, which have already been determined as spam. Messages traversing the processing pipeline are scanned by the anti-spam engine first. If the verdict is suspect or positive, the counter for 'Spam Detected' is incremented, and the counter for 'Virus Detected' will not be � even if they contain a virus. If a virus is found, it can be viewed separately in the Virus Types report.
Thank You!
Libin Varghese
03-09-2017 06:03 AM
Hi,
I was reading the user guide and found the following explanation :
Virus Messages Detected: The total count and percentage of messages detected as virus positive
and not also spam.
This means that if a email is categorize in the spam engine it will not apper in the overview virus msg and only in the virus types.
The email that i receive was categorize was suspected .
Thanks
Patcbr600
03-09-2017 06:45 AM
That is correct.
An email marked as suspect or positive spam currently increments the spam detected counter and does not get double counted for the virus detected counter.
- Libin V
03-06-2020 03:55 AM
I am surprised that over two years later, this still hasn't been fixed. This needs to be adressed!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: