Syslog alert - virus unscannable

We received the belwo critical alert from our syslog server for a couple days with various source computers and a couple destination IP's (cloudflare is one). I log into the UTM/device and I can't  find a 'Virus' or 'Anti-Virus' log.  

device="SFW" date=2022-07-04 time=00:09:50 timezone="EDT" device_name="XGname" device_id=xxxxxxxxxxx log_id=xxxxxx log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=5 user_name="xxxxxx" iap=7 av_policy_name="" virus="Unscannable" url="">crl.sectigo.com/SectigoRSACodeSigningCA.crl" domainname="crl.sectigo.com" src_ip=,xxxxxxx src_country_code=USA dst_ip=172.64.155.188 (unresolved) dst_country_code=USA protocol="TCP" src_port=xxxxx dst_port=80 sent_bytes=232 recv_bytes=96085 user_agent="Microsoft-CryptoAPI/10.0" status_code=500

Thanks in advance



Added TAGs
[edited by: emmosophos at 10:50 PM (GMT -7) on 6 Jul 2022]

Top Replies

  • Hi  It seems under Web > General settings > Action on malware scan failure > Set to block with your XG and malware scanning seems to fail for the above URL which you have mentioned at Proxy…

Parents
  • Hi  It seems under Web > General settings > Action on malware scan failure > Set to block with your XG and malware scanning seems to fail for the above URL which you have mentioned at Proxy or DPI which is generating an alert. Now it could be a temporary issue around that time which was failing the URL scanning only at that moment however if the issue is static and still persist then you may re-produce it by accessing that URL to validate the logs of proxy and antivirus and if needed may log a support case to check it further.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Reply
  • Hi  It seems under Web > General settings > Action on malware scan failure > Set to block with your XG and malware scanning seems to fail for the above URL which you have mentioned at Proxy or DPI which is generating an alert. Now it could be a temporary issue around that time which was failing the URL scanning only at that moment however if the issue is static and still persist then you may re-produce it by accessing that URL to validate the logs of proxy and antivirus and if needed may log a support case to check it further.



    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Children
No Data