Ave_Joe
Iron

Anti-SPAM Control analysis

Anyone have any clue how to interpret the "Control Analysis:" string in log entries for Anti-SPAM?

Here is a sample log entry:

=================

Number: 10374796
Date: 4May2018
Time: 9:17:40
Interface: MTA
Origin: #################
Type: Log
Action: Reject
Service: smtp (25)
Source: mail-bl2nam02lp0086.outbound.protection.outlook.com (207.46.163.86)
Destination: ########
Protocol: tcp
Rule: 0 - Implied Rules
File Direction: to/from this gateway
Product: Anti Spam
Sender: rwkdqdfpp@golfmd.com
Email Session ID: {5AEC6B84-0-1A6464A7-797B07B6}
Email ID: 1
Recipients: #################
Source Country: United States
Spam Category: Spam
Recipients Number: 1
Control Analysis: str=0001.0A0B0203.5AEC6B84.0085,ss=4,re=0.500,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
Control: Content Anti Spam
Product Family: Network
Policy Info: Policy Name: ##########
Created at: Wed May 02 07:06:25 2018
Installed from: #############

===========================

4 Replies
Admin
Admin

Re: Anti-SPAM Control analysis

I have not seen any official documentation on this.

0 Kudos
Employee+
Employee+

Re: Anti-SPAM Control analysis

Hi!

The Control Analysis log field and the X-Control-Analysis e-mail header are the same. We inject them into the mails and also into the log, and they serve as a "reference ID".

a) You can use this to correlate the e-mail your end user received with the matching log in SmartLog.

b) You can use this when reporting a FP/FN.

HTH
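
Added example, not part of the reply above and not Check Point code: a sketch of the correlation described in (a), matching a received mail's X-Control-Analysis header to a log record's Control Analysis field. It assumes logs exported as "Key: value" text with records separated by lines of "=", as in the sample post; the function names, the second log record and the mail are constructed, and field values stay opaque strings because their meaning is undocumented.

```python
import email
import re

def normalize(value):
    """Drop all whitespace so a folded mail header compares equal to the log field."""
    return "".join(value.split())

def parse_fields(control_analysis):
    """Split 'k=v,k=v' into a dict of strings (no interpretation of the values)."""
    pairs = (item.partition("=") for item in normalize(control_analysis).split(","))
    return {key: val for key, _, val in pairs if key}

def parse_log_records(text):
    """Parse 'Key: value' records separated by lines consisting only of '='."""
    records = []
    for block in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec = dict(l.split(": ", 1) for l in map(str.strip, block.splitlines()) if ": " in l)
        if rec:
            records.append(rec)
    return records

def find_log_for_mail(raw_mail, records):
    """Return the log records whose Control Analysis equals the mail's header."""
    header = email.message_from_string(raw_mail).get("X-Control-Analysis", "")
    wanted = normalize(header)
    return [r for r in records if wanted and normalize(r.get("Control Analysis", "")) == wanted]

# Constructed sample data: first record reuses values from the post, the rest is made up.
SAMPLE_LOG = """=================
Number: 10374796
Action: Reject
Control Analysis: str=0001.0A0B0203.5AEC6B84.0085,ss=4,re=0.500,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
=================
Number: 10374797
Action: Accept
Control Analysis: str=0001.0A0B0203.5AEC6B90.0011,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
=================
"""
SAMPLE_MAIL = (
    "From: sender@example.com\n"
    "X-Control-Analysis: str=0001.0A0B0203.5AEC6B84.0085,ss=4,re=0.500,\n"
    " recu=0.000,reip=0.000,cl=4,cld=1,fgs=8\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for rec in find_log_for_mail(SAMPLE_MAIL, parse_log_records(SAMPLE_LOG)):
        print(rec["Number"], rec["Action"], parse_fields(rec["Control Analysis"]))
```

The sample header is folded across two lines on purpose: without the whitespace normalization, the folded header would not compare equal to the single-line log field.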

Ave_Joe
Iron

Re: Anti-SPAM Control analysis

Thanks for the reply. I am looking for specific details on how to read the log entry so I can better understand. Maybe I am missing something?

In the sample:

Control Analysis: str=0001.0A0B0203.5AEC6B84.0085,ss=4,re=0.500,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8

What does each of the fields represent?

str= ?  (reference id?)

ss =?  (spam score?)

re = ?

recu = ?

reip = ?

cl = ?

fgs = ?

0 Kudos
Alex_Weldon
Nickel

Re: Anti-SPAM Control analysis

Could be unique identifiers used by Cyren / Commtouch (Cyren Support Portal - Security as a Service - 100% Cloud). I believe Check Point makes use of their reputation services.

0 Kudos