ScanMail™ for Microsoft™ Exchange 11.0 Online Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • access control
  • actions [1] [2]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail [1] [2]
    • Activation Code [1]
      • additional features [1]
      • standard [1]
      • suite [1]
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2] [3]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1] [2]
  • automatic deployment settings
    • Scheduled Download [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Deep Discovery Advisor [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer list [1]
  • components
    • downloading [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring [1]
    • access control [1] [2]
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • managed products [1]
    • notifications [1]
    • proxy settings [1]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • security risk scan
    • special groups [1] [2]
    • user accounts [1]
    • web reputation [1]
    • World Virus Tracking Program [1]
  • contacting
    • technical support [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager [1] [2]
    • about [1]
    • accounts [1]
    • agent [1]
    • antivirus and content security components [1] [2]
    • basic features [1]
    • configuring accounts [1]
    • features [1]
    • mail server [1]
    • managed product [1]
    • MCP [1]
    • report server [1]
    • see Trend Micro Control Manager [1]
    • SQL database [1]
    • Trend Micro Management Infrastructure [1]
    • web-based management console [1]
    • web server [1]
    • widget framework [1]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • creating
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keyword lists
    • keywords [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • data views
    • understand [1]
  • Deep Discovery Advisor [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • deployment plans [1]
  • dialers [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • disease vector [1]
  • download components
  • downloading and deploying components [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • features [1]
  • file attributes [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • folders
  • frequently asked questions
    • calculating decompressed file size [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • false positives [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • phish attacks [1]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • unable to log on to product console [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1] [2]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manually download components [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Migrator Service [1]
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • MCP [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • unable to log on [1]
    • viewing remote servers [1]
    • viewing servers [1]
    • viewing virtual servers [1]
  • Product Directory
    • deploying components [1]
  • proxy servers [1]
  • proxy settings [1] [2]
    • configuring [1]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • query logs [1]
  • reactivating ScanMail [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
    • notifications [1]
  • recovering
    • managed products [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
    • reseller purchase [1]
    • to Control Manager [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • renaming
    • folders [1]
    • managed products [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2] [3]
    • scheduled [1]
    • scheduled reports [1]
    • templates [1]
  • report templates [1]
  • resources
    • creating for virtual servers [1] [2] [3] [4]
    • creating for Windows 2003 [1]
    • creating for Windows 2008 [1] [2]
    • Exchange 2007 CCR Cluster [1]
    • Exchange 2007 SCC Cluster [1]
    • Exchange 2007 SCR Cluster [1]
  • role
  • roll back [1]
  • scan engine [1]
  • ScanMail EUQ Migrator Service [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
    • scan engine [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • searching
    • managed products [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security information site [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • report [1]
    • summary screen [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4]
    • File Reputation Services [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1] [2]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Network [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • alerts [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • notifications [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • templates [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager [1]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • managed product user access [1]
    • registering ScanMail [1]
    • registering to [1]
    • server [1]
    • unregistering ScanMail [1]
    • using ScanMail [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • unregistering
    • ScanMail from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual configurations [1]
    • pattern file, manual [1]
    • pattern files [1]
    • rolling back [1]
    • scan engine, manual [1]
    • scheduled configurations [1]
  • updating ScanMail [1]
  • URLs
    • email technical support [1]
    • Knowledge Base [1]
    • security information site [1]
    • update center [1]
  • version comparison [1]
  • viewing
    • managed products logs [1]
  • Virtual Analyzer
    • scan engine technology [1]
  • virtual servers [1] [2]
    • creating ScanMail resources [1] [2] [3] [4]
    • viewing from the product console [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • World Virus Tracking Program [1] [2]
    • configuring [1]
  • worms [1] [2]
  • zip-of-death [1]

Log View Database Schema Parent topic

The following table combines tblMsgEntries and tblFilterEntries.

View [vwMsgFilterEntriesTmp]

Field Name
From Table
From Field
Description
msg_entry_id
tblFilterEntries
msg_entry_id
Primary key of the table [tblMsgEntries]
msg_delivery_time
tblMsgEntries
msg_delivery_time
The message delivery time
msg_found_at
tblMsgEntries
msg_found_at
The place where this message is found at
msg_source
tblMsgEntries
msg_source
The semi-colon delimited sender list
msg_destination
tblMsgEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
tblMsgEntries
msg_subject
The subject of this message
filter_id
tblFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
filter_scan_time
tblFilterEntries
filter_scan_time
The scan time
filter_rule
tblFilterEntries
filter_rule
The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
file_original
tblFilterEntries
file_original
The original file name that triggered the rule
filter_action
tblFilterEntries
filter_action
The result of the action taken
filter_reason
tblFilterEntries
filter_reason
The detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter
filter_rule_supplement
tblFilterEntries
filter_rule_supplement
The virus/malware type, used to separate virus and spyware
url_category
tblFilterEntries
url_category
The category of the detected URL
The following table combines table tblStorageEntries and view vwMsgFilterEntriesTmp.

View [vwMsgFilterEntries]

Field Name
From Table
From Field
Description
filter_scan_time
vwMsgFilterEntriesTmp
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntriesTmp
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntriesTmp
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntriesTmp
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntriesTmp
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntriesTmp
msg_subject
The subject of this message
filter_rule
vwMsgFilterEntriesTmp
filter_rule
The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
filter_reason
vwMsgFilterEntriesTmp
filter_reason
Detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter.
file_original
vwMsgFilterEntriesTmp
file_original
The original filename that triggered the rule
msg_entry_id
vwMsgFilterEntriesTmp
msg_entry_id
Primary key of the table [tblMsgEntries]
filter_id
vwMsgFilterEntriesTmp
filter_id
Primary key of the table [tblFilterEntries]
filter_action
vwMsgFilterEntriesTmp
filter_action
The result of the action taken
storage_entry_id
tblStorageEntries
storage_entry_id
Primary key of the table [tblStorageEntries]
storage_path
tblStorageEntries
storage_path
The path the file saved to
storage_reason
tblStorageEntries
storage_reason
The reason (quarantine, archive, or backup) to make this storage entry.
filter_rule_supplement
vwMsgFilterEntriesTmp
filter_rule_supplement
The virus/malware type, used to separate virus and spyware.
url_category
tblFilterEntries
url_category
The category of the detected URL
The following table combines table tblMsgEntries and tblStorageEntries.

View [vwMsgStorageEntries]

Field Name
From Table
From Field
Description
storage_entry_id
tblStorageEntries
storage_entry_id
Primary key of the table [tblStorageEntries]
msg_source
tblMsgEntries
msg_source
The semi-colon delimited sender list
msg_destination
tblMsgEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
tblMsgEntries
msg_subject
The subject of this message
filter_id
tblStorageEntries
filter_id
Primary key of the table [tblFilterEntries]
filter_scan_time
tblStorageEntries
filter_scan_time
The scan time
filter_rule
tblStorageEntries
filter_rule
The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter (such as .exe), risk level of a malicious URL for Web Reputation filter
file_original
tblStorageEntries
file_original
The original filename that triggered the rule
filter_action
tblStorageEntries
filter_action
The result of the action taken
storage_reason
tblStorageEntries
storage_reason
The reason (quarantine, archive, or backup) for this storage entry
storage_resend_count
tblStorageEntries
storage_resend_count
The count of this entry has been resent
The following table selects blocked attachments data from view vwMsgFilterEntries.

View [vwABLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table tblStorageEntries
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntries
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_cf
vwMsgFilterEntries
filter_rule
File type blocked by attachment blocking filter(such as .exe)
filter_original
vwMsgFilterEntries
filter_original
The original filename that triggered the rule
filter_action
vwMsgFilterEntries
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
filter_id
vwMsgFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
The following table selects security risk scan data from view vwMsgFilterEntries.

View [vwAVLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table tblStorageEntries
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntries
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_av
vwMsgFilterEntries
filter_rule
Virus/malware name
filter_original
vwMsgFilterEntries
filter_original
The original filename that triggered the rule
filter_action
vwMsgFilterEntries
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
filter_rule_supplement
vwMsgFilterEntries
filter_rule_supplement
The virus/malware type, used to separate virus and spyware.
filter_id
vwMsgFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
storage_reason
vwMsgFilterEntries
storage_reason
The reason (quarantine, archive, or backup) for this storage entry.
The following table selects content violation data from view vwMsgFilterEntries.

View [vwCFLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table tblStorageEntries
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntries
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_cf
vwMsgFilterEntries
filter_rule
Rule name for content filter
filter_original
vwMsgFilterEntries
filter_original
The original filename that triggered the rule
filter_action
vwMsgFilterEntries
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
filter_reason
vwMsgFilterEntries
filter_reason
Detailed information about how the content is being detected for content violation, malicious URL for Web Reputation filter
filter_id
vwMsgFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
The following table selects Data Loss Prevention incident data from view vwMsgFilterEntries.

View [vwDLPLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table tblStorageEntries
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntries
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_dlp
vwMsgFilterEntries
filter_rule
Rule name for Data Loss Prevention
filter_action
vwMsgFilterEntries
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
file_original
vwMsgFilterEntries
file_original
The original filename that triggered the rule
filter_template
vwMsgFilterEntries
filter_reason
The triggered Data Loss Prevention template
The following table selects unscannable message data from view vwMsgFilterEntries.

View [vwUSLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table tblStorageEntries
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_found_at
vwMsgFilterEntries
msg_found_at
The place where this message is found at
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_us
vwMsgFilterEntries
filter_rule
Unscannable reason
filter_original
vwMsgFilterEntries
filter_original
The original filename that triggered the rule
filter_action
vwMsgFilterEntries
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
filter_id
vwMsgFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
storage_reason
vwMsgFilterEntries
storage_reason
The reason (quarantine, archive, or backup) for this storage entry.
The following table selects storage data from view vwMsgFilterEntries.

View [vwQuarantineLogs]

Field Name
From Table
From Field
Description
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table [tblStorageEntries]
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule
vwMsgFilterEntries
filter_rule
The filter rule triggered. Virus/malware name for security risk filter, rule name for content filter, and file type blocked by attachment blocking filter(such as .exe), risk level of a malicious URL for Web Reputation filter
storage_resend_count
vwMsgFilterEntries
storage_resend_count
The count of this entry has been resent
storage_reason
vwMsgFilterEntries
storage_reason
The reason (quarantine, archive, or backup) for this storage entry.
The following table selects data about malicious URL from view vwMsgStorageEntries.

View [vwWTPLogs]

Field Name
From Table
From Field
Description
filter_scan_time
vwMsgFilterEntries
filter_scan_time
The scan time
msg_delivery_time
vwMsgFilterEntries
msg_delivery_time
The message delivery time
msg_source
vwMsgFilterEntries
msg_source
The semi-colon delimited sender list
msg_destination
vwMsgFilterEntries
msg_destination
The semi-colon delimited recipient list
msg_subject
vwMsgFilterEntries
msg_subject
The subject of this message
filter_rule_uf
vwMsgFilterEntries
filter_rule_uf
Risk level of a malicious URL for Web Reputation filter
Suspicious_url
vwMsgFilterEntries
filter_reason
Suspicious URL
filter_action
filter_action
The result of action taken. Reference [action_description.xml], which is located in %SMEX_HOME%\ web\xml.
Note
Note
%SMEX_HOME% represents the SMEX installation directory.  By default, this is C:\Program Files\Trend Micro\Smex\
filter_id
vwMsgFilterEntries
filter_id
Primary key of the table [tblFilterEntries]
storage_entry_id
vwMsgFilterEntries
storage_entry_id
Primary key of the table [tblStorageEntries]
url_category
tblFilterEntries
url_category
The category of the detected URL

Example 1: Query information about the virus log, content filtering log, or attachment blocking log from tables ‘vwAVLogs’,‘vwCFLogs’, ‘vwABLogs’ between 12/12/2008 09:00:00’ AND ‘12/18/2008 09:00:00’ 

SELECT msg_source,msg_destination,filter_rule_av
FROM vwAVLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

SELECT *
FROM vwCFLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

SELECT *
FROM vwABLogs
WHERE filter_scan_time 
BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;

Example 2: Get Storage Log

SELECT * 
FROM vwMsgStorageEntries 
WHERE filter_scan_time 
BETWEEN  ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’
ORDER BY filter_scan_time;