Content Analysis has a template message that is triggered by an alert. The message in this template contains a variable called "%SUBFILE". This variable should show the path of the file; however, its value depends on the AV vendor, because each vendor generates a different file path.
In the Content Analysis management console, go to Settings > Alerts > Messages and select ICAP header X-Virus-Details. Find the following entry:
The value that the %SUBFILE variable provides depends on the AV vendor, so it differs from one vendor to another.
When using McAfee:
%SUBFILE = "inbound file/eicar_com.zip/eicar.com"
When using Kaspersky:
%SUBFILE = "//C:\Users\Downloads\eicar_com.zip//eicar.com"
When using Sophos:
%SUBFILE = "BUFFER/C:\Users\Downloads\eicar_com.zip/Embed0003/eicar.com"
This behavior is expected and is by design.
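If alerts are forwarded to a SIEM or ticketing system, the vendor-specific values can be reduced to a common form before correlation. The following is an added example, not part of Content Analysis or of this article's original text; the parsing rules are assumptions inferred only from the three sample values above (that "inbound file" and "BUFFER" are vendor prefixes and that "EmbedNNNN" is an internal marker), and the function names are hypothetical.

```python
import re

# Sample values copied from this article, one per AV vendor.
SAMPLES = {
    "McAfee": "inbound file/eicar_com.zip/eicar.com",
    "Kaspersky": r"//C:\Users\Downloads\eicar_com.zip//eicar.com",
    "Sophos": r"BUFFER/C:\Users\Downloads\eicar_com.zip/Embed0003/eicar.com",
}

# Assumption: these leading segments are vendor markers, not path components.
VENDOR_PREFIXES = {"inbound file", "BUFFER"}
# Assumption: "Embed" followed by digits is an internal stream marker.
EMBED_MARKER = re.compile(r"Embed\d+")


def normalize_subfile(value):
    """Return the container/member names in a %SUBFILE value, outermost first."""
    # Forward slashes separate nesting levels; doubled slashes yield empty parts.
    segments = [s for s in value.strip().strip('"').split("/") if s]
    if segments and segments[0] in VENDOR_PREFIXES:
        segments = segments[1:]
    names = []
    for seg in segments:
        if EMBED_MARKER.fullmatch(seg):
            continue
        # Keep only the file name when a segment is a full Windows path.
        names.append(seg.rsplit("\\", 1)[-1])
    return names


def correlate(alerts):
    """Group (vendor, subfile) pairs by their normalized path."""
    groups = {}
    for vendor, value in alerts:
        key = "/".join(normalize_subfile(value))
        groups.setdefault(key, []).append(vendor)
    return groups


if __name__ == "__main__":
    for key, vendors in correlate(SAMPLES.items()).items():
        print(key, vendors)
```

Values from other vendors or engine versions may not follow these patterns, so keep the raw %SUBFILE string alongside the normalized one.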
Imported Document ID: 000027600