I have HTTp proxy with both antivirus enabled. Also I have sophos endpoint installed.
It seems that the endpoint catch more virus that the UTM. I would expect the sophos engine to get the following since (that's my understanding) both sophos engines are the same (UTM and endpoint)
Log below from the endpoint alert
Event: Access has been blocked to **********/gipoto/dabstepinattack.php" as 'Mal/ExpJS-AA' has been found at this website.
Relevant log from web filter
2012:05:05-10:41:07 ****httpproxy[4521]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.***.***" dstip="173.236.50.237" user="" statuscode="200" cached="4" profile="REF_CnNPwVRtng (Internal Users)" filteraction="REF_DefaultHTTPCFFBlockAction (Internal Users)" size="11580" request="0xa96de5e0" url="http://********/gipoto/dabstepinattack.php" exceptions="" error="" country="United States" category="178" reputation="neutral" categoryname="Internet Services" content-type="text/html"
However, this was not the case. According to virus total ,avira sees that as malware
https://www.virustotal.com/url/1306b95314166571070869cc804ca15e91a734fd24f72565117c4566b9deaa4f/analysis/1336217603/
but is not blocked
Thanks
