Notification Variables

The different IWSVA modules support different variables (or tokens) in their notification messages. If you choose to create a custom message, please refer to the lists below to find out which variables are appropriate for a given module. Variables are not case sensitive.

• Note: For verbs such as Actions, IWSVA uses simple present tense. To avoid grammar mishaps, Trend Micro recommends using "column style" notifications rather than "sentence style."

HTTPS Decryption

• %h:IWSVA hostname

• %u:URL/URI

• %c:IP address:port after "https://"

• $$DETAILS:details of certificate failure reason / access denied reason

HTTPS/HTTP and FTP Scanning

• %A—action

• %F—file name

• %H—IWSVA host name

• %L—Detailed file name and reason

• %M—move path

• %N—user name

• %R—transfer direction

• %U—URL/URI

• %V—virus or Trojan name

• %X—reasons/block type

• %Y—date and time

HTTPS/HTTP/FTP File Type Block

• %U—URL/URI

The following variables are only used in messages for administrators or in user notification messages:

• %F—file name

• %A—action

• %H—IWSVA host name

• %R—transfer direction

• %X—reasons/block type

• %Y—date and time

• %N—user Name

• %V—virus or Trojan name

Applets and ActiveX Security

• %D—protocol being scanned

• %H—IWSVA host name

• %N—user name

• %U—URL/URI

• %W—new certificate information

• %X—reasons/block type

• %Y—date and time

• %Z—policy name

URL Blocked by Access Control

• %H—IWSVA host name

• %N—User name

• %U—URL/URI

• %X—reason

• %Y—Date and time

URL Blocked by URL Filtering

• %C—Category

• %H—IWSVA host name

• %N—User name

• %U—URL/URI

• %Y—Date and time

URL Filtering

• %U—URL/URI

• %X—reason

URL Filtering by Time Quota

• %U—URL/URI

• %C—Category

• %N—User name

• %Q—Quantity of time

• %Y—Date and time

URL Access Warning

• %A—Action

• %B—Warn and Continue URL/URI

• %C—Category

• %H—IWSVA host name

• %N—User name

• %U—URL/URI

• %Y—Date and time

To customize URL Warning Access notifications, the message template must contain following form to display the “Continue” option:

<form id="warncontinue" method="post" action="%B$$$IWSX_URL_ACTION$$$">

    <INPUT type=hidden value="%A" name=data>

</form>

URL Access Override

• %A—Action

• %B—Continue to URL/URI

• %C—Category

• %E—Policy default Time Limit

• %H—IWSVA host name

• %J— Policy max Time Limit

• %N—User name

• %U—URL/URI

• %Y—Date and time

• %Z—Policy name
  
  If you customize URL Access Override notifications, the message template must contain some javascript code to encrypt the password with base64 code. It should contain some elements: password, time limit and ttl_type. Otherwise, the customized notification page cannot work.

<form id="overridecontinue" method="post" action="%B[Warn and Continue URL/URI]$$$IWSX_URL_ACTION$$$">

<INPUT type=hidden value="%A[Action]" name=data>

To customize URL Warning Access notifications, the message template must contain following form to display the “Continue” option:

<input type="button" name="Button22"

value="Submit" class="style3"

onclick="doSubmit();" />

URL Blocking by HTTP Inspection

• %H—IWSVA host name

• %I— Filter name

• %N—User name

• %U—URL/URI

• %Y—Date and time

Threshold Notification

• %m—metric

• %t—threshold value

High Availability

• %h—host name

• %p—peer name

• %r—reason

See also

• HTTP Scanning Notifications

• FTP Scanning Notifications