Hi there!
For quite some time i've searched on the web for a solution on this problem.
Our UTM in China office is reporting infected hosts and it always pointing to our DNS server.
Since all DNS queries are first handled by a windows DNS server and than forwarded to the UTM it always show the DNS server as infected host.
I've enabled the DNS log on windows DNS server to find out which internal hosts were requesting access to the infected hosts on the web.
My problem is that the internal host that requested access to the infected internet host not seem to be infected. I've scanned with sophos AV, ADWCleaner, malwarebytes and nothing was found.
The websites that internal hosts are trying to access are normally:
js.ne08.com
c.360baidus.com
Can someone help?
Thank you!
This thread was automatically locked due to age.
