Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 2542 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scan ftp for malware

Regex

Hello.

Recently i did an update to SFOS v18. One of my rule is FTPs server . The problem is when i sett "scanftpformalware" i cant connect to my ftp server. App is saying "ssl handshake timed out" is there any clue on that ?;)

Logs from FILEZILLA:

14:08:58 Status: Connection established, waiting for welcome message...
14:08:58 Response: 220 NASFTPD Turbo station 1.3.5a Server (ProFTPD)
14:08:58 Command: AUTH TLS
14:08:58 Response: 234 AUTH TLS successful
14:08:58 Status: Initializing TLS...

 

15:48:36 Status: Connection established, initializing TLS...
15:48:36 Error: GnuTLS error -15: An unexpected TLS packet was received.
15:48:36 Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
15:48:36 Error: Could not connect to server

 

My guess is that there is sth messy with DPI for that traffic. Cuz the traffic must be inspected to see for malware maybe do ya have some ideas.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to lferrara

    Ok, somehow its woring. but from my point of view i thought its gonna to inspect the traffic. so i did some testing like i was trying to upload a "malware" <-- a file from eicar.org and file was sended without any problem.. hm. tha same is with https on port 8443.


    show service-param
    Service Ports
    ------- -----
    HTTPS 8443
    FTP 990
    ------------------------------------

Children
No Data