We received the below critical alert from our syslog server for a couple days with various source computers and a couple destination IPs (Cloudflare is one). I log into the UTM/device and I can't find a 'Virus' or 'Anti-Virus' log.
device="SFW" date=2022-07-04 time=00:09:50 timezone="EDT" device_name="XGname" device_id=xxxxxxxxxxx log_id=xxxxxx log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=5 user_name="xxxxxx" iap=7 av_policy_name="" virus="Unscannable" url="crl.sectigo.com/SectigoRSACodeSigningCA.crl" domainname="crl.sectigo.com" src_ip=,xxxxxxx src_country_code=USA dst_ip=188.8.131.52 (unresolved) dst_country_code=USA protocol="TCP" src_port=xxxxx dst_port=80 sent_bytes=232 recv_bytes=96085 user_agent="Microsoft-CryptoAPI/10.0" status_code=500
Thanks in advance
Hi john marion, it seems under Web > General settings > Action on malware scan failure > Set to block with your XG, and malware scanning seems to fail for the above URL which you have mentioned at Proxy…
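
One way to separate these scan-failure alerts from real detections when reviewing the syslog feed, as an added example that is not part of the original thread. It assumes, following the reply above, that `virus="Unscannable"` marks a failed scan rather than identified malware; the sample lines are constructed from the fields in the quoted alert, and the second line's values are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines using the field names from the alert quoted in the post.
SAMPLE_LOGS = [
    'device="SFW" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" '
    'status="" priority=Critical fw_rule_id=5 virus="Unscannable" '
    'url="crl.sectigo.com/SectigoRSACodeSigningCA.crl" domainname="crl.sectigo.com" '
    'dst_port=80 user_agent="Microsoft-CryptoAPI/10.0" status_code=500',
    'device="SFW" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" '
    'status="" priority=Critical fw_rule_id=5 virus="Example/Placeholder-A" '
    'url="files.example.test/sample.bin" domainname="files.example.test" '
    'dst_port=80 user_agent="ExampleAgent/1.0" status_code=403',
]

# key="quoted value" or key=bare_value; quoted values may be empty or contain spaces.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_kv(line):
    """Parse one key=value syslog line into a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}


def classify(fields):
    """Label an event: 'scan-failure', 'detection', or 'other'."""
    if fields.get("log_type") != "Anti-Virus":
        return "other"
    # Assumption: "Unscannable" means the scan could not complete,
    # so the block comes from the scan-failure action, not a malware match.
    if fields.get("virus") == "Unscannable":
        return "scan-failure"
    return "detection"


def summarize(lines):
    """Count events per (label, destination domain, user agent)."""
    counts = Counter()
    for line in lines:
        f = parse_kv(line)
        counts[(classify(f), f.get("domainname", ""), f.get("user_agent", ""))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOGS).items():
        print(n, *key)
```

Grouping by destination domain and user agent shows whether the critical alerts are all scan failures on the same kind of request, which is what decides between changing the scan-failure action and adding a scanning exception.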