Anti-virus not destroying (some times not detecting) virus on email.

Machado_Taimatica

I have a usg210 with firmware 4.32 and anti-virus, idp, anti-spam and content filter activated.
All my policies have the 4 features activated and I keep receiving virus on email even if the virus is detected and comes with the message [virus destroyed].


Anyone with same problem?

Zyxel_Emily

Hi @Machado_Taimatica,

 

Anti-Spam only can scan SMTP which traffic is not encrypted.

It checks SMTP and POP3 e-mails only. TLS is not scanned.

If mails are SMTP and POP3, make sure Virus Outbreak Detection is enabled in Mail Scan.

Make sure the signature version is the latest 2.0.2.156.

Go to CONFIGURATION > UTM Profile > Anti-Virus > Signature.

Enter the virus name, click Search and check if it is in the signature database.

Machado_Taimatica

Hi Zyxel_Emily

Thank you for your answer.

I'm using POP with the following configuration


Zywall configuration is




and this happened today on one PC and local Kaspersky destroyed all the threats


and the signature exists for exploit.msoffice.generic and exploit.rtf.agent.gen.
 No signature for trojan.html.fraude.gen

Zyxel_Emily

Hi Machado_Taimatica,

 

Trojan.HTML.Fraud.gen is not in the database, so it will not be detected.

About Exploit.MSOffice.Generic and Exploit.RTF.Agent.gen, we need the virus file and configuration to clarify the issue.

I will send you a private message for more information of this issue.