Back=right
mouse click.
Back=right
mouse click.
The different IWSVA modules support different variables (or tokens) in their notification messages. If you choose to create a custom message, please refer to the lists below to find out which variables are appropriate for a given module. Variables are not case sensitive.
Note: For verbs such as Actions, IWSVA uses simple present tense. To avoid grammar mishaps, Trend Micro recommends using "column style" notifications rather than "sentence style."
%h:IWSVA hostname
%u:URL/URI
%c:IP address:port after "https://"
$$DETAILS:details of certificate failure reason / access denied reason
%A—action
%F—file name
%H—IWSVA host name
%L—Detailed file name and reason
%M—move path
%N—user name
%R—transfer direction
%U—URL/URI
%V—Malware name (virus, Trojan, or Bot name)
%X—reasons/block type
%Y—date and time
%N—User name
%A—Action
%P—Path and file name
%C—Category
%Z—Policy name
%Y—Date and time
%H—IWSVA host name
%T—Template name
%U—URL/URI
%Y—Date and time — The date and time of the triggering event
%A—Action taken
%N—User name
%Z—Policy name
%H—IWSVA host name
%T—Template name
%N—User name
%U—URL/URI
%Y—Date and time
%Z—Policy name
%Z—Policy name
%N—User name
%U—URL/URI
%A—Action
%K—Risk level
%U—URL/URI
The following tokens are only used in messages for administrators or in user notification messages:
%F—File name
%A—Action taken
%H—IWSVA host name
%R—Transfer direction
%X—Reasons/block type
%Y—Date and time
%N—User Name
%V—Virus, Trojan, or Bot name
%D—Protocol being scanned
%H—IWSVA host name
%N—User name
%U—URL/URI
%W—New certificate information
%X—[reasons/block type]
%Y—Date and time
%Z—Policy name
%H—IWSVA host name
%N—User name
%U—URL/URI
%X—reason (only works in body)
%Y—Date and time
%C—Category
%H—IWSVA host name (only works in the header field)
%N—User name
%U—URL/URI
%Y—Date and time
%U—URL/URI
%X—reason
%U—URL/URI
%C—Category
%H—IWSVA host name
%N—User name
%Q—Quantity of time
%Y—Date and time
%A—Action
%B—Warn and Continue URL/URI
%C—Category
%H—IWSVA host name (only works in header field)
%N—User name
%U—URL/URI (only works in body)
%Y—Date and time
To customize URL Warning Access notifications, the message template must contain following form to display the “Continue” option:
<form id="warncontinue" method="post" action="%B$$$IWSX_URL_ACTION$$$">
<INPUT type=hidden value="%A" name=data>
</form>
%A—Action
%B—Continue to URL/URI
%C—Category
%E—Policy default Time Limit
%H—IWSVA host name
%J— Policy max Time Limit
%N—User name
%U—URL/URI
%Y—Date and time
%Z—Policy name
If you customize URL Access Override notifications, the message template
must contain some javascript code to encrypt the password with base64
code. It should contain some elements: password, time limit and ttl_type.
Otherwise, the customized notification page cannot work.
<form id="overridecontinue" method="post" action="%B[Warn and Continue URL/URI]$$$IWSX_URL_ACTION$$$">
<INPUT type=hidden value="%A[Action]" name=data>
To customize URL Warning Access notifications, the message template must contain following form to display the “Continue” option:
<input type="button" name="Button22"
value="Submit" class="style3"
onclick="doSubmit();" />
%H—IWSVA host name
%I— Filter name
%N—User name
%U—URL/URI
%Y—Date and time
%m—metric
%t—threshold value
%h—host name
%p—peer name
%r—reason