ProxySG Access Log Shows No Data for x-exception-id Field Although AV System Detected a Virus


Article ID: 169352


Updated On:


ProxySG Software - SGOS


The access log field x-virus-id reports a specific virus ID, such as EICAR-Test-File, but x-exception-id does not contain virus_detected.

The access log values are as follows:
  • x-exception-id : -
  • s-action : not TCP_DENIED, for example TCP_NC_MISS or TCP_MISS

In the default configuration, the ProxySG appliance logs the following values when a virus is detected:
  • x-exception-id : virus_detected
  • s-action : TCP_DENIED


The ProxySG reports the exception as expected if your external_services configuration includes a check mark next to the option use-vendor-virus-page.

You can verify this in your proxy's Sysinfo file. Search it for the string: BEGIN external_services.

!- BEGIN external_services
!- END external_services


No action required.

The access log data seems to indicate that the virus data passed through.
However, your customer will receive the vendor's exception page when the AV system detects a virus.
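
To separate the two log patterns described above during log review, the following is an added example, not code from the original article or from the vendor. It assumes the access log is in ELFF layout with a #Fields header; the sample log lines, their field order, and the names parse_elff, classify and detections are constructed for illustration.

```python
import shlex

# Constructed sample in ELFF layout; field order and values are illustrative only.
SAMPLE_LOG = """\
#Software: SGOS
#Fields: date time c-ip s-action cs-uri x-exception-id x-virus-id
2024-01-01 10:00:00 192.0.2.10 TCP_DENIED http://example.test/a.com virus_detected EICAR-Test-File
2024-01-01 10:00:05 192.0.2.11 TCP_NC_MISS http://example.test/b.com - EICAR-Test-File
2024-01-01 10:00:09 192.0.2.12 TCP_MISS http://example.test/index.html - -
"""


def parse_elff(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            try:
                values = shlex.split(line)  # keeps quoted values with spaces intact
            except ValueError:
                continue  # unbalanced quotes: skip the malformed record
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def classify(record):
    """Classify a record by how a virus detection shows up in the log."""
    if record.get("x-virus-id", "-") == "-":
        return "clean"
    if (record.get("x-exception-id") == "virus_detected"
            and record.get("s-action") == "TCP_DENIED"):
        return "proxy_exception"  # default-configuration pattern
    return "virus_id_without_exception"  # pattern this article describes


def detections(text):
    """Return (client IP, virus ID, classification) for every non-clean record."""
    return [(r["c-ip"], r["x-virus-id"], classify(r))
            for r in parse_elff(text) if classify(r) != "clean"]


if __name__ == "__main__":
    for row in detections(SAMPLE_LOG):
        print(*row)
```

For records classified as virus_id_without_exception, check the use-vendor-virus-page option in the external_services section of the Sysinfo file before treating them as unblocked content.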