Mode: monitor
Attack Patterns: Cross Site Scripting
SQL Injection
Protocol Anomalies
AntiVirus scanning: Single Scan
Strict scanning: enabled
What I did: I accessed a subdirectory behind the WAF (doesn't matter if it's existing or not)
What happened:
Instead of the directory listing (or the file) I see a Virus found error:
Virus found
mod_avscan version 0.01 found the virus
daemon connection problem
while downloading /admin/.The transfer has been aborted.
I know that we had false negatives with the Antivirus part, but now it seems like it's broken.
Did someone already report this? My mind is a little unsure at the moment, but there were a few problems with the WAF + Antivirus, so I cannot remember for sure...
Christian
