Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2591 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus report

wingman
Hi All

I've just checked mu daily report (sent last night) and it said 16 viruses were caught via HTTP proxy. Today I got 1 virus caught ( pic attached)

Is there anywhere I can that I can find more information regarding this? (ie. which client downloaded the virus etc etc )

The second issue is that there is an entry via blank name. That's the second time I am facing this (I had opened a bug case when it first happened but it was closed as Astaro team couldn't replicate the issue)

Thanks


This thread was automatically locked due to age.
  • 0
    update:

    If i check only today's report I can see HTML/Crypted.Gen as captured. However, on 7 days report it shows as blank (pic attached on my first post). I insist that this is a bug

    The reports are "gone" for couple of minutes and then everything returns back to normal [:(]

    I have attached  a pic as well
  • 0
    update

    found the report 

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:26:36 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="1445 ms" request="0xa58a9800" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:26:41 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="501 ms" request="0xa58a9800" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:27:25 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="451 ms" request="0xb141a128" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:38:27 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="678 ms" request="0xb06fa9f0" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:38:37 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="485 ms" request="0xb06fa9f0" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:39:10 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="723 ms" request="0xa5848428" url="www.footerchat.com/.../Crypted.Gen"

    /var/log/http/2009/11/http-2009-11-03.log.gz:2009:11:03-19:39:15 stuffman httpproxy[18819]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.2.14" user="" statuscode="403" cached="0" profile="REF_feefDrZrCB (Zone 1)" filteraction="REF_DefaultHTTPCFFBlockAction (Zone 1)" size="2378" time="480 ms" request="0xa5848428" url="www.footerchat.com/.../Crypted.Gen"
  • 0
    I think the reporting sucks as well.
    If you just double clicked on the virus in the first report it should give you the list of users who were blocked and the site they were trying to access.

    But NOOO.. that would be too easy.
    Hell an email notification would be nice too.
  • 0
    the only way I can find the virus blocked is by searching  for the word "virus" within the HTTP log

    I have created an astaro feature request for antivirus reporting.Basically,I suggested having a different log for antivirus/antimalware and if it's possible to have the update patterns on each antivirus engine (easier to check virus /patterns)

    Extend functionality for Antivirus engines
  • 0 in reply to wingman
    I have to use "virus detected" in my search otherwise I get a screen full of info instead of just what was blocked.
  • 0 in reply to joequick
    I have to use "virus detected" in my search otherwise I get a screen full of info instead of just what was blocked.


    Please vote for the anti virus feature enhancement above [:)]
Cookie Information Banner