Hi All
I have HTTP proxy with both antivirus enabled. Also, I have Sophos endpoint installed.
It seems that the endpoint catches more viruses than the UTM. I would expect the Sophos engine to get the following, since (that's my understanding) both Sophos engines are the same (UTM and endpoint).
Log below from the endpoint alert:
Code:
Event: Access has been blocked to **********/gipoto/dabstepinattack.php" as 'Mal/ExpJS-AA' has been found at this website.
Relevant log from web filter:
Code:
2012:05:05-10:41:07 ****httpproxy[4521]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.***.***" dstip="173.236.50.237" user="" statuscode="200" cached="4" profile="REF_CnNPwVRtng (Internal Users)" filteraction="REF_DefaultHTTPCFFBlockAction (Internal Users)" size="11580" request="0xa96de5e0" url="http://********/gipoto/dabstepinattack.php" exceptions="" error="" country="United States" category="178" reputation="neutral" categoryname="Internet Services" content-type="text/html"
However, this was not the case. According to VirusTotal, Avira sees that as malware
https://www.virustotal.com/url/1306b...is/1336217603/
but is not blocked
Thanks
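Added example, not part of the original post and not Sophos code: one way to list every request the web filter logged with action="pass" that the endpoint later blocked, by matching URLs across the two log formats shown above. The sample lines are constructed (placeholder hosts and IPs), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the two logs in the post.
# Host names and IP addresses are placeholders, not values from the thread.
PROXY_LOG = [
    '2012:05:05-10:41:07 gw httpproxy[4521]: id="0001" severity="info" '
    'name="http access" action="pass" method="GET" srcip="192.168.0.10" '
    'dstip="203.0.113.10" statuscode="200" '
    'url="http://bad.example/gipoto/dabstepinattack.php" reputation="neutral"',
    '2012:05:05-10:41:09 gw httpproxy[4521]: id="0001" severity="info" '
    'name="http access" action="pass" method="GET" srcip="192.168.0.11" '
    'dstip="198.51.100.7" statuscode="200" '
    'url="http://www.example.org/index.html" reputation="neutral"',
]
ENDPOINT_EVENTS = [
    'Event: Access has been blocked to bad.example/gipoto/dabstepinattack.php" '
    "as 'Mal/ExpJS-AA' has been found at this website.",
]

KV = re.compile(r'([\w-]+)="([^"]*)"')  # key="value" pairs in the proxy log
BLOCKED = re.compile(r"Access has been blocked to (\S+?)\"? as '([^']+)'")

def normalize(url):
    """Reduce a URL to lower-case host plus path so both logs compare equal."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.netloc.lower() + parts.path

def endpoint_detections(events):
    """Map normalized URL -> threat name taken from endpoint alert text."""
    found = {}
    for event in events:
        m = BLOCKED.search(event)
        if m:
            found[normalize(m.group(1))] = m.group(2)
    return found

def gateway_misses(proxy_lines, events):
    """Return proxy requests with action="pass" that the endpoint blocked."""
    detected = endpoint_detections(events)
    misses = []
    for line in proxy_lines:
        fields = dict(KV.findall(line))
        key = normalize(fields.get("url", ""))
        if fields.get("action") == "pass" and key in detected:
            misses.append((fields.get("srcip"), fields["url"], detected[key]))
    return misses

if __name__ == "__main__":
    for srcip, url, threat in gateway_misses(PROXY_LOG, ENDPOINT_EVENTS):
        print(f"passed by proxy, blocked on endpoint: {srcip} {url} {threat}")
```

Matching on host plus path ignores query strings, so two requests that differ only in parameters count as the same URL.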