Event
Identifications for notifications written into Windows event logs may impact the monitoring
of ScanMail. Consult the
following table to understand the Windows event logs.
ScanMail Windows Event Log Codes
|
Event ID
|
Facility
|
Type / Severity
|
Category
|
Description
|
|
3
|
Application
|
Error
|
None
|
Alert. ScanMail
service did not start successfully.
|
|
4
|
Application
|
Error
|
None
|
Alert. ScanMail
service is unavailable.
|
|
5
|
Application
|
Warning
|
None
|
Security risk scan notification.
|
|
6
|
Application
|
Warning
|
None
|
Attachment blocking notification.
|
|
7
|
Application
|
Warning
|
None
|
Content filtering notification.
|
|
16
|
Application
|
Warning
|
None
|
Alert. Manual update unsuccessful.
|
|
17
|
Application
|
Information
|
None
|
Alert. Manual update successful.
|
|
18
|
Application
|
Warning
|
None
|
Alert. Last update time is older than specified time.
|
|
19
|
Application
|
Information
|
None
|
Alert. Manual scan successful.
|
|
20
|
Application
|
Error
|
None
|
Alert. Manual scan unsuccessful.
|
|
21
|
Application
|
Warning
|
None
|
Alert. Scan time exceeds specified time.
|
|
22
|
Application
|
Warning
|
None
|
Alert. The disk space on the local drive (volume) of the backup or quarantine
directory is less than specified size.
|
|
23
|
Application
|
Warning
|
None
|
Alert. The size of database to keep quarantine and logs exceeds specified
size.
|
|
24
|
Application
|
Information
|
None
|
Alert. Scheduled scan successful.
|
|
25
|
Application
|
Error
|
None
|
Alert. Scheduled scan unsuccessful.
|
|
32
|
Application
|
Error
|
None
|
Alert. Scheduled update unsuccessful.
|
|
33
|
Application
|
Information
|
None
|
Alert. Scheduled update successful.
|
|
34
|
Application
|
Warning
|
None
|
Web reputation notification.
|
|
35
|
Application
|
Warning
|
None
|
Data Loss Prevention notification
|
|
80
|
Application
|
Information
|
None
|
Alert. Outbreak Prevention Mode started.
|
|
82
|
Application
|
Information
|
None
|
Alert. Outbreak Prevention Mode stopped and configuration restored.
|
|
257
|
Application
|
Warning
|
None
|
Virus/Malware Outbreak Alert.
|
|
258
|
Application
|
Warning
|
None
|
Uncleanable Virus/Malware Outbreak Alert.
|
|
259
|
Application
|
Warning
|
None
|
Blocked attachment Outbreak Alert.
|
|
260
|
Application
|
Warning
|
None
|
Spyware/Grayware Outbreak Alert.
|
|
513
|
Application
|
Error
|
None
|
Filter loading exception.
|
|
514
|
Application
|
Error
|
None
|
Adapter loading exception.
|
|
4097
|
Application
|
Warning
|
None
|
Alert. The disk space on the local drive of the MS Exchange transaction log is
less than specified size.
|
|
4098
|
Application
|
Warning
|
None
|
Alert. The Microsoft Exchange mail store size exceeds specified size.
|
|
4099
|
Application
|
Warning
|
None
|
Alert. The Microsoft Exchange SMTP messages queued continuously exceeds the
specified number.
|
|
4112
|
Application
|
Error
|
None
|
ScanMail Master
Service stopped due to insufficient disk space. Please free up some disk space and
restart ScanMail Master Service.
|
|
8193
|
Application
|
Information
|
None
|
EUQ. Processing manual End User Quarantine maintenance task started.
|
|
8194
|
Application
|
Information
|
None
|
EUQ. Processing of manual End User Quarantine maintenance task ended.
|
|
8195
|
Application
|
Information
|
None
|
EUQ. Processing of schedule End User Quarantine maintenance task started.
|
|
8196
|
Application
|
Information
|
None
|
EUQ. End of processing schedule End User Quarantine maintenance task.
|
|
8197
|
Application
|
Information
|
None
|
EUQ. Start to process enable End User Quarantine task.
|
|
8198
|
Application
|
Information
|
None
|
EUQ. End of processing enable End User Quarantine task.
|
|
8199
|
Application
|
Information
|
None
|
EUQ. Start to process disable End User Quarantine task.
|
|
8200
|
Application
|
Information
|
None
|
EUQ. End of processing disable End User Quarantine task.
|
|
12289
|
Application
|
Error
|
None
|
"The transport scan module was unable to load the ScanMail transport hook.
This could be caused by improper COM registration, missing DLL files, or privilege
issues with the hookSMTP.dll. Check if the required files are complete, manually
register hookSMTP.dll, and restart ScanMail Master Service."
|
|
12290
|
Application
|
Error
|
None
|
The ScanMail transport
scan module is unable to send IPC requests to the ScanMail Master service. Check
Windows event log for system errors.
|
|
12291
|
Application
|
Error
|
None
|
The transport scan module is unable to detect ScanMail or it does not
have proper permission to access ScanMail related files or registries. ScanMail Master Service
has not started. Please restart ScanMail Master Service.
|
|
12292
|
Application
|
Error
|
None
|
Another transport scan module may be active. Please check if a transport scan
module has already been loaded by the Exchange transport service. Another
transport scan module is running.
|
|
12293
|
Application
|
Error
|
None
|
The ScanMail transport
scan module is unable to create a transport agent object. Make sure the ScanMail DLL files are
complete.
|
|
12294
|
Application
|
Warning
|
None
|
"Transport scan has been disabled and messages have been passed through without
being scanned by ScanMail. To enable transport scanning, log on to the ScanMail Management
Console and enable any of the following transport level real-time security risk
scan, transport level attachment blocking, transport level content filtering, or
spam prevention."
|
|
12545
|
Application
|
Error
|
None
|
The MCP agent between ScanMail and Apex Central stopped unexpectedly.
|
|
20480
|
Application
|
Information
|
None
|
Log on/off ScanMail
product console.
|
|
20481
|
Application
|
Information
|
None
|
ScanMail configuration
change.
|
|
20482
|
Application
|
Information
|
None
|
ScanMail management
operation.
|
|
28672
|
Application
|
Information
|
None
|
Switch security risk scan methods
|
|
28673
|
Application
|
Warning
|
None
|
Smart Scan - Each time File Reputation service was Unavailable.
|
|
28675
|
Application
|
Information
|
None
|
Smart Scan - Each time File Reputation service was Recovered.
|
|
28676
|
Application
|
Warning
|
None
|
Smart Scan - Each time Web Reputation service was Unavailable.
|
|
28677
|
Application
|
Information
|
None
|
Smart Scan - Each time Web Reputation service was Recovered.
|
|
28678
|
Application
|
Information
|
None
|
Search & Destroy - Each time a search was successful
|
|
28679
|
Application
|
Error
|
None
|
Search & Destroy - Each time a search was unsuccessful
|
|
28681
|
Application
|
Warning
|
None
|
Virtual Analyzer - Each time the Virtual Analyzer was
unavailable
|
|
28682
|
Application
|
Information
|
None
|
Virtual Analyzer - Each time the Virtual Analyzer was recovered
|
|
28684
|
Application
|
Error
|
None
|
ScanMail
is unable to access its database, but ScanMail is still protecting mail traffic
|
|
24578
|
Application
|
Information
|
None
|
The connection between ScanMail service and its datbase has been recovered
|
|
28687
|
Application
|
Warning
|
None
|
Predictive Machine Learning service was unavailable
|
|
28688
|
Application
|
Information
|
None
|
Predictive Machine Learning service was recovered
|
|
28690
|
Application
|
Warning
|
None
|
Writing Style service was unavailable
|
|
28691
|
Application
|
Information
|
None
|
Writing Style service was recovered
|