Firewall blocked an email. I do not understand why.
Log:
2018-10-20 14:30:19 IPS messageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="7" fw_rule_id="71" user="" sig_id="12597" message="SERVER-OTHER utf8 filename transfer attempt" classification="A suspicious filename was detected" rule_priority="3" src_ip="209.85.208.176" src_country="USA" dst_ip="147.231.6.234" dst_country="CZE" protocol="TCP" src_port="38485" dst_port="25" OS="Linux" category="Other Web Server" victim="Server"
Rule 71 is a rule with no scan HTTP, no Web Policy, no Application Control - rule: allow all from WAN to mailserver port 25, Intrusion Prevention WAN TO DMZ
Is it possible to find a description of IPS Policy Rule SID 12597 - SERVER-OTHER utf8 filename transfer attempt?
The filename of the attachment in the email is ..docx - so I do not understand this situation.