Windows Event Log Codes

Event Identifications for notifications written into windows event logs have changed a lot from previous versions of ScanMail. This change might impact your monitoring efforts. Consult the following table to understand the Windows event logs.

Event ID	Facility	Type/ Severity	Category	Description
3	Application	Error	None	Alert. ScanMail service did not start successfully.
4	Application	Error	None	Alert. ScanMail service is unavailable.
5	Application	Warning	None	Security risk scan notification.
6	Application	Warning	None	Attachment blocking notification.
7	Application	Warning	None	Content filtering notification.
16	Application	Warning	None	Alert. Manual update unsuccessful.
17	Application	Information	None	Alert. Manual update successful.
18	Application	Warning	None	Alert. Last update time is older than specified time.
19	Application	Information	None	Alert. Manual scan successful.
20	Application	Error	None	Alert. Manual scan unsuccessful.
21	Application	Warning	None	Alert. Scan time exceeds specified time.
22	Application	Warning	None	Alert. The disk space on the local drive (volume) of the backup or quarantine directory is less than specified size.
23	Application	Warning	None	Alert. The size of database to keep quarantine and logs exceeds specified size.
24	Application	Information	None	Alert. Scheduled scan successful.
25	Application	Error	None	Alert. Scheduled scan unsuccessful.
32	Application	Error	None	Alert. Scheduled update unsuccessful.
33	Application	Information	None	Alert. Scheduled update successful.
34	Application	Warning	None	Web reputation notification.
35	Application	Warning	None	Data Protection notification
80	Application	Information	None	Alert. Outbreak Prevention Mode started.
82	Application	Information	None	Alert. Outbreak Prevention Mode stopped and configuration restored.
257	Application	Warning	None	Virus/Malware Outbreak Alert.
258	Application	Warning	None	Uncleanable Virus/Malware Outbreak Alert.
259	Application	Warning	None	Blocked attachment Outbreak Alert.
260	Application	Warning	None	Spyware/Grayware Outbreak Alert.
513	Application	Error	None	Filter loading exception.
514	Application	Error	None	Adapter loading exception.
4097	Application	Warning	None	Alert. The disk space on the local drive of the MS Exchange transaction log is less than specified size.
4098	Application	Warning	None	Alert. The Microsoft Exchange mail store size exceeds specified size.
4099	Application	Warning	None	Alert. The Microsoft Exchange SMTP messages queued continuously exceeds the specified number.
4112	Application	Error	None	ScanMail Master Service stopped due to insufficient disk space. Please free up some disk space and restart ScanMail Master Service.
8193	Application	Information	None	EUQ. Processing manual End User Quarantine maintenance task started.
8194	Application	Information	None	EUQ. Processing of manual End User Quarantine maintenance task ended.
8195	Application	Information	None	EUQ. Processing of schedule End User Quarantine maintenance task started.
8196	Application	Information	None	EUQ. End of processing schedule End User Quarantine maintenance task.
8197	Application	Information	None	EUQ. Start to process enable End User Quarantine task.
8198	Application	Information	None	EUQ. End of processing enable End User Quarantine task.
8199	Application	Information	None	EUQ. Start to process disable End User Quarantine task.
8200	Application	Information	None	EUQ. End of processing disable End User Quarantine task.
12289	Application	Error	None	The transport scan module was unable to load the ScanMail transport hook. This could be caused by improper COM registration, missing DLL files, or privilege issues with the hookSMTP.dll. Check if the required files are complete, manually register hookSMTP.dll, and restart ScanMail Master Service.
12290	Application	Error	None	The ScanMail transport scan module is unable to send IPC requests to the ScanMail Master service. Check Windows event log for system errors.
12291	Application	Error	None	The transport scan module is unable to detect ScanMail or it does not have proper permission to access ScanMail related files or registries. ScanMail Master Service has not started. Please restart ScanMail Master Service.
12292	Application	Error	None	Another transport scan module may be active. Please check if a transport scan module has already been loaded by the Exchange transport service. Another transport scan module is running.
12293	Application	Error	None	The ScanMail transport scan module is unable to create a transport agent object. Make sure the ScanMail DLL files are complete.
12294	Application	Warning	None	Transport scan has been disabled and messages have been passed through without being scanned by ScanMail. To enable transport scanning, log on to the ScanMail Management Console and enable any of the following transport level real-time security risk scan, transport level attachment blocking, transport level content filtering, or spam prevention.
12545	Application	Error	None	The MCP agent between ScanMail and Control manager stopped unexpectedly.
20480	Application	Information	None	Log on/off ScanMail product console.
20481	Application	Information	None	ScanMail configuration change.
20482	Application	Information	None	ScanMail management operation.
28672	Application	Information	None	Switch security risk scan methods
28673	Application	Warning	None	Smart Scan - Each time File Reputation service was Unavailable.
28675	Application	Information	None	Smart Scan - Each time File Reputation service was Recovered.
28676	Application	Warning	None	Smart Scan - Each time Web Reputation service was Unavailable.
28677	Application	Information	None	Smart Scan - Each time Web Reputation service was Recovered.