This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP/S malware blocked / Sophos UTM

zeus1976 over 7 years ago

Hello together,

How can I check which client is affected with the malware? Under Reporting / Webfilter (Virus) I can't find it unfortunately.

I'm working with a Sophos UTM Home Edition with the current firmware. The weekly Report shows me that the Sophos UTM has 125 HTTP/S malware blocked.

Thank you for your help.

Best regards

This thread was automatically locked due to age.

Parents

0 zeus1976 over 7 years ago

Hello,

Can me somebody help me out?

Thx.

Best regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Louis-M over 7 years ago in reply to zeus1976

Can you post more details up? Where are you seeing this? Screenshot??
Cancel
Vote Up 0 Vote Down

Cancel
0 zeus1976 over 7 years ago in reply to Louis-M

Sure, you will see two printscreen.

1. Name: excutive Report: The picture show was written in the weekly executiv report from 2017/08/06

2. Name: webfilter_report: Under Logging / Reporting -> Web Protection

Thank you for the help.

Best regards
Cancel
Vote Up 0 Vote Down

Cancel
0 DouglasFoster over 7 years ago in reply to zeus1976

The details are in the web filtering log file. Go to View Log Files... Search. Choose the Web Filterung logs snd a date range. Search for"malware"

If that fails, download tne logs and search in a text editor. On Eindows, you will need to download 7zip (free) to unpack the .gz file format.
Cancel
Vote Up 0 Vote Down

Cancel
0 zeus1976 over 7 years ago in reply to DouglasFoster

Hi DouglasFoster,

Thank you for the replay.

I did this already but I can't find something in the log files (with the search "malware"). What's going on? How can i figure out?

Thank you for your help.

Best regards
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 7 years ago in reply to DouglasFoster

I answered zeus1976 in the German Forum. The trick is that it's:

zgrep 'categoryname="Malicious Sites"' /var/log/http/2017/08/* | grep -oP 'srcip=".*?"' |sort -n|uniq -c|sort -n

-or-

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 7 years ago in reply to DouglasFoster

I answered zeus1976 in the German Forum. The trick is that it's:

zgrep 'categoryname="Malicious Sites"' /var/log/http/2017/08/* | grep -oP 'srcip=".*?"' |sort -n|uniq -c|sort -n

-or-

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data