This article applies to:
- Trustwave MailMarshal (SEG)
- Trustwave ECM/MailMarshal Exchange
Symptoms:
- SEG or ECM is not reporting the name of the virus detected
- The notification email received does not report the name of the virus when a message is quarantined in the virus folder
- Only the %VirusName% or {VirusName} parameter is displayed
- Reports show the name of the virus scanning rule, not the virus name
Causes:
The %VirusName% or {VirusName} variable only works for the virus scanners that use the special DLL interface to SEG or ECM.
With current supported versions of SEG, and ECM/MailMarshal Exchange 7.X, the following scanners have a special DLL interface:
- McAfee for Marshal
- Sophos for Marshal
- Bitdefender for Marshal
The following scanners formerly supported are no longer supported
- Panda
- Kaspersky
- Sophos (SAVI) (no 64-bit version is available)
- Symantec Antivirus Scan Engine (Interface no longer supported)
Virus scanners that are run from the command line interface cannot return this variable. They only return a number to SEG that indicates whether the scan was successful or not.Reporting on viruses by name
In Marshal Reporting Console, if you are using a DLL interface scanner you can report on viruses by name.
- For each virus block rule, ensure that the rule logs a classification. The Description field of the classification must contain the {VirusName} variable.
- By default SEG or ECM includes a classification "Contains a Virus" that you can use for this purpose.
- In Reporting Group configuration (SEG/MailMarshal [Manager] properties > Reporting tab, or MailMarshal Exchange properties > Reporting Groups), include this classification in the Virus Scanning group.
- To ensure that viruses are not counted more than once in reports, remove other classifications or folders from the Virus Scanning Reporting Group.
- This article was previously published as:
- NETIQKB29183
- Marshal KB133