Monitoring virus scan logs

After you've configured virus scanning on a specific Domino server, you can monitor scan logs in Domino Content Scan Log (cscanlog.nsf) on the server.

Procedure

  1. Open cscanlog.nsf. If you already have cscancfg.nsf open, a convenient way to open this database is to open the Servers view, select the desired server, and click the Open MailScan Log action button. The Attachments > All view opens.
  2. Expand Virus > dominoserver > mail.box to see a log document for each message attachment that had a virus.
    If you selected the Log all attachments configuration option, there is also a log document categorized as OK for each scanned attachment that didn't contain a virus.
  3. Open an attachment log document to see details about an attachment with a detected virus.
    • The Basics tab provides information about the attachment.
    • The ICAP tab provides information about the virus.
    • Click Virus Total Lookup to open a page on www.virustotal.com that contains security vendor analyses of the detected virus. The File Hash (SHA1) value on the Main tab is used to look up the virus for which the analyses are displayed.
    • Click Open Message Log to open a log document for the message that contained the attachment (skip to step 5).
  4. Alternatively, switch to the Messages view, which contains information about each message that was scanned.
  5. Open a message log document to see details about a message and all of its attachments.
    • The Basics tab provides basic information about the message such as the Subject, From, Sender, Recipients, Sent to, and so on.
    • The Details tab provides additional information such as a unique Message ID.
    • The embedded view at the bottom contains links to the individual attachment log documents. Double-click an entry to open an attachment log document and see details as in step 3.
    • Click Open Quarantine Message to open the message that was quarantined due to having one or more attachments that contain viruses. A dialog appears asking you if you are sure you want to open the document. If you choose Yes, proceed to the next step carefully.
  6. The quarantined message now displays. Note that it does not display using the normal Memo form used in mail databases, so the message body is not shown. The Basics and Details tabs have the same data as in step 5.
    CAUTION: The attachments are shown. Avoid opening or saving these attachments because, by definition, at least one of them has been determined to contain a virus.

Example

"All" view in cscanlog.nsf
The view shows three entries, two for attachments with viruses and one for a clean attachment.
All view of scan log for Mail1/Renovations
"By Server Type" view in cscanlog.nsf
The following view shows the same information in the By Server Type view.
By Server Type view of scan log for Mail1/Renovations

Log document when a virus was found

Basics tab:
Main tab of a virus log for server Mail1/Renovations
ICAP tab:
ICAP tab of a virus log for server Mail1/Renovations