How duplicate verdicts per messages are reported | Each email message can have multiple recipients and multiple threats. Different recipients in the same email message may have different threats triggered. This situation occurs because the different recipients may belong to different policy groups. For example, recipients in group A may have content filtering enabled for employee data protection terms, while recipients in group B may not.
Some verdicts have names associated with them to describe unique instances of that verdict type. For example, a known virus may be called W32.Zoltan or VBS.Throckmorton. Each named verdict is counted separately. If both W32.Zoltan and VBS.Throckmorton are found one or more times in a message, the virus count increases by two. The message is considered a multiple threat message.
The following verdicts have unique names: Verdicts that are not included in this list are counted once per message regardless of the number of occurrences of the verdict in the message. For example, a single message is sent to three recipients. The message to recipient A has two matches for encrypted content. The same message that is sent to recipient B has two matches for encrypted content. That same message that is sent to recipient C has no matches. The total count of encrypted content for the message is one. The virus threat count for the message is one (encrypted content counts as a virus without a unique name). If no other threats are detected in the message, it is considered a single threat message.
See Threat category components. |