
HTTP/S malware blocked / Sophos UTM

Hello together,

How can I check which client is affected with the malware? Under Reporting / Webfilter (Virus) I can't find it unfortunately.

I'm working with a Sophos UTM Home Edition with the current firmware. The weekly Report shows me that the Sophos UTM has 125 HTTP/S malware blocked.

Thank you for your help.

Best regards



  • Sure, you will see two print screens.

    1. Name: excutive Report: The picture shows what was written in the weekly executive report from 2017/08/06

    2. Name: webfilter_report: Under Logging / Reporting -> Web Protection

    Thank you for the help.

    Best regards

  • The details are in the web filtering log file. Go to View Log Files... Search. Choose the Web Filtering logs and a date range. Search for "malware".

    If that fails, download the logs and search in a text editor. On Windows, you will need to download 7zip (free) to unpack the .gz file format.

  • Hi DouglasFoster,

    Thank you for the reply.

    I did this already but I can't find anything in the log files (with the search "malware"). What's going on? How can I figure it out?

    Thank you for your help.

    Best regards

  • I answered zeus1976 in the German Forum.  The trick is that it's:

    zgrep 'categoryname="Malicious Sites"' /var/log/http/2017/08/* | grep -oP 'srcip=".*?"' |sort -n|uniq -c|sort -n

    -or-

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
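
Added example, not part of any post in this thread: the one-liner above counts "Malicious Sites" hits per srcip, and this script goes one step further by also listing the distinct hosts each client was blocked from reaching. It assumes the web filter log lines carry a url="..." field next to srcip and categoryname; the function names and the abbreviated sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of "Malicious Sites" blocks.
# Assumption: key="value" log lines; url= is assumed to exist, srcip= and
# categoryname= are the fields used in the thread.

# Constructed, abbreviated sample lines (not real log data).
sample_log() {
    cat <<'EOF'
2017:08:06-10:00:01 utm httpproxy[1]: action="block" srcip="192.0.2.10" url="http://bad.example/a" categoryname="Malicious Sites"
2017:08:06-10:00:02 utm httpproxy[1]: action="block" srcip="192.0.2.10" url="http://bad.example/b?x=1" categoryname="Malicious Sites"
2017:08:06-10:00:03 utm httpproxy[1]: action="pass" srcip="192.0.2.11" url="http://news.example/" categoryname="General News"
2017:08:06-10:00:04 utm httpproxy[1]: action="block" srcip="192.0.2.12" url="https://evil.example:8443/x" categoryname="Malicious Sites"
EOF
}

# Print "count srcip host,host,..." sorted by count, highest first.
# Arguments: log files (.gz or plain); with none, reads stdin.
malicious_by_client() {
    if [ "$#" -eq 0 ]; then cat; else
        for f in "$@"; do
            case "$f" in *.gz) gzip -cd -- "$f" ;; *) cat -- "$f" ;; esac
        done
    fi | awk '
        # Value of key="..." in the current line, "" if absent.
        function field(key,    m, s) {
            m = " " key "=\""
            s = index(" " $0, m)
            if (s == 0) return ""
            s = substr(" " $0, s + length(m))
            return substr(s, 1, index(s, "\"") - 1)
        }
        field("categoryname") == "Malicious Sites" {
            ip = field("srcip")
            if (ip == "") next
            hits[ip]++
            host = field("url")              # reduce the URL to its host
            sub("^[a-z]+://", "", host)
            sub("[/:?].*$", "", host)
            if (host != "" && !seen[ip, host]++)
                hosts[ip] = hosts[ip] (hosts[ip] == "" ? "" : ",") host
        }
        END { for (ip in hits) print hits[ip], ip, hosts[ip] }
    ' | sort -k1,1nr -k2,2
}

# With file arguments, summarise them; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then malicious_by_client "$@"; else sample_log | malicious_by_client; fi
```

The host list per client makes it easier to tell a single noisy application from a machine that is reaching many different flagged sites.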