Occasionally you can produce reports even if data collection is not currently enabled. This situation can happen if you enabled data collection in the past and then turned off data collection. The data that are collected are available for report generation until they are old enough to be automatically purged. After that period, report generation fails. The "Delete data older than" setting on the Report Settings page controls this retention period.
Discrepancies in Suspect Virus Outcomes
The graph part of the Malware Summary report contains a section near the bottom called Suspect Virus Outcomes. The table part of the same report contains a Suspect Virus column. The total suspect virus outcomes may not match the suspect virus column.
The reasons for this difference include the following:
The suspect virus outcomes are counted for messages only if the message matches a policy that contains the action "Strip and Delay in Suspect Virus Quarantine" or "Hold message in Suspect Virus Quarantine."
Even if a matching policy might trigger one of those actions for a message, another policy may match the message, and take precedence. For example, if a message contains a virus and a suspect virus and the matching malware policy is "Delete message" and the matching suspect virus policy is "Hold message in Suspect Virus Quarantine," the message is deleted. The message is deleted because deletion takes precedence over "Hold message in Suspect Virus Quarantine."
Data in Content Filtering Summary report can look inconsistent
By default, the bottom of the Content Filtering Summary report contains a table of the top content filtering policies that were triggered. The table contains a Policies Triggered column and an Incidents Created column. Logically, the number of Incidents Created should never exceed the number of Policies Triggered. However, because of different data sources and timing issues, Incidents Created can sometimes exceed Policies Triggered.