We received the below critical alert from our syslog server for a couple of days with various source computers and a couple of destination IPs (Cloudflare is one). I log into the UTM/device and I can't find a 'Virus' or 'Anti-Virus' log.
device="SFW" date=2022-07-04 time=00:09:50 timezone="EDT" device_name="XGname" device_id=xxxxxxxxxxx log_id=xxxxxx log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=5 user_name="xxxxxx" iap=7 av_policy_name="" virus="Unscannable" url="">crl.sectigo.com/SectigoRSACodeSigningCA.crl" domainname="crl.sectigo.com" src_ip=,xxxxxxx src_country_code=USA dst_ip=220.127.116.11 (unresolved) dst_country_code=USA protocol="TCP" src_port=xxxxx dst_port=80 sent_bytes=232 recv_bytes=96085 user_agent="Microsoft-CryptoAPI/10.0" status_code=500
Thanks in advance
Hi john marion, it seems that under Web > General settings > Action on malware scan failure is set to block on your XG, and malware scanning seems to fail for the above URL which you have mentioned, at Proxy or DPI, which is generating an alert. Now, it could be a temporary issue around that time which was failing the URL scanning only at that moment; however, if the issue is static and still persists, then you may reproduce it by accessing that URL to validate the logs of proxy and antivirus and, if needed, may log a support case to check it further.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link.
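To make triage of such alerts repeatable, here is an added example (not code from the thread or from Sophos) that parses the SFOS key=value syslog format shown above and separates a "scan failure" event (virus="Unscannable", produced by the malware-scan-failure action) from an actual malware detection. The sample line is constructed from the one in the question with redacted fields replaced by placeholder values.

```python
import re
from typing import Dict

# key=value tokens: the value is either a double-quoted string or a bare run of
# non-space characters. Stray tokens such as "(unresolved)" after dst_ip do not
# match and are simply skipped.
TOKEN_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed sample modelled on the alert in the question (placeholders, not real data).
SAMPLE_LINE = (
    'device="SFW" date=2022-07-04 time=00:09:50 timezone="EDT" device_name="XGname" '
    'log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" '
    'priority=Critical fw_rule_id=5 user_name="user1" av_policy_name="" '
    'virus="Unscannable" url="crl.sectigo.com/SectigoRSACodeSigningCA.crl" '
    'domainname="crl.sectigo.com" src_ip=10.0.0.5 dst_ip=203.0.113.10 (unresolved) '
    'protocol="TCP" src_port=50000 dst_port=80 sent_bytes=232 recv_bytes=96085 '
    'user_agent="Microsoft-CryptoAPI/10.0" status_code=500'
)


def parse_sophos_log(line: str) -> Dict[str, str]:
    """Parse one SFOS syslog line into a dict, stripping quotes from quoted values."""
    fields: Dict[str, str] = {}
    for key, raw in TOKEN_RE.findall(line):
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        fields[key] = raw[1:-1] if quoted else raw
    return fields


def classify_av_event(fields: Dict[str, str]) -> str:
    """'scan-failure' means the engine could not inspect the content; it is not a detection."""
    if fields.get("log_type") != "Anti-Virus":
        return "not-av"
    if fields.get("virus") == "Unscannable":
        return "scan-failure"
    if fields.get("virus"):
        return "malware-detected"
    return "other"


def triage(line: str) -> Dict[str, object]:
    """Summarise what a responder needs: what kind of event it is and what was fetched."""
    f = parse_sophos_log(line)
    ua, url = f.get("user_agent", ""), f.get("url", "")
    return {
        "classification": classify_av_event(f),
        # Windows CryptoAPI fetching a .crl is certificate revocation checking.
        "crl_fetch": ua.startswith("Microsoft-CryptoAPI") and url.lower().endswith(".crl"),
        "domain": f.get("domainname"),
        "http_status": f.get("status_code"),
        "dst_ip": f.get("dst_ip"),
    }
```

Running `triage(SAMPLE_LINE)` on the constructed line classifies it as a scan failure on a CRL fetch, which points at the "Action on malware scan failure" setting rather than at an infection.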