Can someone define these categories for me?
Answers are below:
Virus - These would be Virus Detections against McAfee Engine or Dats or Authentium Engine and Dats where action is taken.
Potentially unwanted programs - Any files attached to emails which are identified as a unwanted program which are blocked.
Compliance - MEG has default compliance rules for HIPPA, SOX, and other content which can identify items like SSN for example to be blocked.
Image analysis - Offensive Content sexual in nature that is scored by MEG which is logged as image analysis when blocked.
URL reputation - Blocked URLs in Emails that are based from McAfee's GTI Database.
DLP - This is for emails that trigger Data Loss Prevention which detects documents uploaded to the DLP Database and Polices on MEG.
Spam and Phish - Detections / Blocks against Spam Emails that score by default 10 or higher. Phishing uses the same similar Anti-Spam engine and
rules to detect and block these.
Sender authentication and reputation - Emails blocked and added to the deny connection list by default for GTI / RBL. Other exampls are SPF, Sender ID, DKIM, FCrDNS as an example under Email, Email Policies, Sender Authentication.
Other detections - Can be email block for items such as DOS and Scan Time out setting configured.
Monitored - Emails which are modified are generally logged as Monitored. An example is Anti-Spam Scanning as an example can set for a reporting threshold on email with a spam score of 5 or higher by default.
Legitimate - Emails which are not blocked and would be allowed through. This can be viewed under Reports, Email Reports, Detail View when filtering on Legitimate emails.
Here is a screen shot as well from our appliance: