
HTTP/S Malware blocked in Weekly Executive Report

We have a UTM v9.355. Last week's weekly executive report showed "HTTP/S Malware blocked" at "1". We would like to know what malware (and from what internal computer) was blocked but have been unable to locate a log or any further information. An unanswered thread in June 2008 (https://community.sophos.com/products/unified-threat-management/f/55/t/43714) asked this question.

We searched the Web Filter logs for the past month but were unable to find any reliable results. We downloaded the EICAR test virus, which triggered event id 0056 ("web request blocked, virus detected") in the web filter log. Searching this event id gave no results. We tried nearby identifiers (e.g., 0054, 0055) without any success.



  • Check in 'Logging & Reporting >> Web Protection'.  Does that do what you need?

    Cheers - Bob
    2017-02-21: Corrected "Filtering" to "Protection". Thanks to sectorblue's comment below.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We searched last week's Web Filter logs using grep without any results. With 10 million lines, it's a literal needle in a haystack. Anything in particular we should use as a keyword (other than "malware")?

  • You misunderstood my post above. Look in 'Reporting'.

    Cheers - Bob

     
  • There is not a Web Filter option under Logging & Reporting but there is a Web Protection option. We located the Virus Downloaders report, but that provides an empty result for the past month. We suspect the UTM categorizes a virus differently than malware. There is no malware-related report that we can find on this screen.

  • Hi there,

    One of my customers asked me the same. I couldn't answer him. I also can't find a report view where malware instead of virus is shown. Only the executive report shows malware hits. The executive report has shown 300 malware hits one day.

    Maybe this is a bug!? Since one year?

     

    regards

    mod

  • Guys, each of you please open a case with Sophos Support.  This is some kind of glitch.

    Cheers - Bob

     
  • Case is opened in Germany, ID = 7075926

     

  • Hello

     

    I've also seen "HTTP/S Malware" in my Daily Executive report a few times but cannot seem to find any details on it via Logging & Reporting.

     

    We use iView and I can't see any viruses for those days either.

     

    Did anyone find a solution to being able to see further information on the Malware?

    Using UTM 9.509-3

     

    Many thanks

  • Hello

     

    I've found the location:

    > Go to Logging & Reporting

    > Web Protection

    > Under the "Available Reports" drop down menu (top right), select "Categories"

    > Select the date range to search

    > Sort the Categories by Name (or just scroll down the list and look for "Malicious Sites")

    > Now you can select different views (e.g. Users, URLs etc.)

     

    Many thanks
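
For the 10-million-line haystack described earlier in the thread, an added example (not from any poster and not Sophos code): a streaming filter that keeps only blocked requests that are either virus detections (id 0056, as observed above) or fall in the "Malicious Sites" category, and counts them per internal source address. The key="value" line layout and the field names action, srcip, url and categoryname are assumptions about the web filter log; the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: every log line carries key="value" pairs, including
# action, srcip, url, name and categoryname. Only id 0056 and its
# message text come from the thread; the rest is constructed sample data.
PAIR = re.compile(r'(\w+)="([^"]*)"')

SAMPLE_LOG = '''\
2017:02:20-09:14:02 utm httpproxy[4321]: id="0001" action="pass" srcip="10.0.0.12" url="http://www.example.test/" categoryname="Search Engines" name="constructed: request passed"
2017:02:20-09:15:40 utm httpproxy[4321]: id="0056" action="blocked" srcip="10.0.0.23" url="http://files.example.test/eicar.com" categoryname="Information Technology" name="web request blocked, virus detected"
2017:02:20-10:02:11 utm httpproxy[4321]: id="9999" action="blocked" srcip="10.0.0.31" url="http://bad.example.test/a" categoryname="Malicious Sites" name="constructed: blocked by category"
2017:02:20-10:02:13 utm httpproxy[4321]: id="9999" action="blocked" srcip="10.0.0.31" url="http://bad.example.test/a" categoryname="Malicious Sites" name="constructed: blocked by category"
2017:02:20-11:30:00 utm httpproxy[4321]: id="9999" action="blocked" srcip="10.0.0.31" url="http://bets.example.test/" categoryname="Gambling" name="constructed: blocked by category"
'''


def parse_line(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(PAIR.findall(line))


def malware_blocks(lines, category="Malicious Sites", virus_id="0056"):
    """Yield blocked events that are virus hits or hits on the given category."""
    for line in lines:
        event = parse_line(line)
        if event.get("action") != "blocked":
            continue
        if event.get("id") == virus_id or event.get("categoryname") == category:
            yield event


def summarize(lines):
    """Count malware blocks per (source IP, reason, URL)."""
    counts = Counter()
    for event in malware_blocks(lines):
        key = (event.get("srcip", "?"), event.get("name", "?"), event.get("url", "?"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    # For a real log, pass an open file object instead; lines are read lazily.
    for (srcip, reason, url), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {srcip:15s} {reason}  {url}")
```

Comparing the per-day totals from this filter with the "HTTP/S Malware blocked" figure in the executive report shows whether the counter tracks virus detections, category blocks, or both.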