When AV Engine records an alert on CAS on the WEB-UI - the filename submitted for analysis is displayed properly.
However, when the "alert" is sent via syslog, the filename is changed to something that doesn't match the real file name
e.g. syslog output: -
threat_file":"/data/bluecoat/avenger/tmp/rest[9].tmp","threat_subfile":"/rest[9].tmp"
This had been addressed through Bug CRE-11321, which had been fixed in CAS OS 3.1.5.1 and later