Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 45 subscribers
  • Views 75242 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it Possible that the Firewall won't detect eicar ? ( Malware-Scanner activated..)

EgonLampert

Hi

Just setted up my new Sophos XG Firewall at home, but when I test the malware-scanner ( downloading EICAR-File) it won't be detected. malware-scanner is active, also in rule is it "on" 

Any help is kindly appreciated!

Regards



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara
    The issue only occurs with IE and scan mode "Real-time"! It's definitive a bug.

    mod
  • 0 in reply to mod2402
    So I gave it a try in real time scan mode using transparent and non transparent proxy mode. The result is the same: The XG firewall detected the eicar virus in all configurations. The XG Log Viewer for malware has an entry for each access on the eicar files.

    With both web browsers (Chrome, IE) I didn't get a block message within the browser. The Chrome browser showed a "not available page" with an ERR_CONTENT_LENGTH_MISMATCH, the Internet Explorer came up with a file save message. But the file on my disk was a zero file with no content.

    Surely you can discuss about the way it is handled. I don't know if you can handle it different with real time scanning. But in my configuration the XG firewall detects malware in real time and in batch mode.

    Best Regards.
Unfiltered HTML