IceWarp Antispam LIVE Classifications
This table shows a cross-reference of the classification assigned by IceWarp Antispam LIVE against the IceWarp Serverreason code with a description of what each one means.
These IceWarp Antispam LIVE classifications can be located within the antispam log.
Example line from antispam log:
and/or within the X_CTCH header of the message
Example X-CTCH header line
Note: Note that if the message does not contain an X-CTCH header, then it has not been classified by IceWarp Antispam LIVE and should not be reported!
| X-CTCH header |
What it means |
IceWarp Server Reason code |
If mis- classified this is a... |
|---|---|---|---|
|
Spam=Confirmed |
Message is from a known spam source. |
LIVE=Y |
False Positive |
|
Spam=Bulk |
Message is not from a known spam source but has the characteristics of a bulk message. |
LIVE=H |
False Positive |
|
Spam=Suspect See Note 1 below |
Message is not from a known spam source but has a higher than normal distribution. |
LIVE=N |
False Negative |
|
Spam=Unknown |
Message is not from a known spam source and has a normal distribution. |
LIVE=N |
False Negative |
|
Spam=Non-spam |
Message comes from an IceWarp Antispam LIVE trusted source. |
LIVE=N |
False Negative |
|
VOD=Virus |
Message contains malware |
LIVE=Y |
False Positive |
|
VOD=High |
Message is highly likely to contain malware |
LIVE=H |
False Positive |
|
VOD=Medium See Note 2 below |
Message is suspected to contain malware |
LIVE=N |
See NOTE 2 below |
|
VOD=Unknown See Note 2 below |
Indeterminate threat level |
LIVE=N |
See NOTE 2 below |
|
VOD=Non-virus See Note 2 below |
Message confirmed as malware=free |
LIVE=N |
See NOTE 2 below |
Note: Spam=Suspect is now deprecated and should not occur. If it does, then IceWarp Server classifies this as a legitimate message.
Note: IceWarp Antispam LIVE does not replace the AV engine of IceWarp Server. For viruses, IceWarp Antispam LIVE is only useful within the first few minutes of a new virus outbreak and as such IceWarp Server will only react to the highest probabilities that the message contains a virus. Therefore there is no point reporting false positives regarding virus detection by AS.
