pdf malware

Sam

I received an email with a pdf malware attached.

Shouldn't USG40 blocked it ?

It was blocked by Avast anti-virus software

Alfonso

Hi @Sam

The answer to your question is: It depends.

What does it depend on?

- Some flows could not easily be analyzed by the firewall. For example https. If the tunnel is between a pc and a web server, no one can decrypt that traffic.

- Although the file could be transmitted via a not encrypted flow, the virus definitions database could not be updated. And although it is updated, that virus could not be included (yet).

I suggest uploading the file to:

www.virustotal.com

and verify that most of the new virus are only detected by some antivirus.

From my point of view, there is not a better antivirus than other for a long time.

Today's best could be the worst next month or next year.

The "best" strategy is to have several antiviruses at different layers of the network, as you have done.
An antivirus on the firewall, and a different antivirus on the PC/Server ... and lit a candle to the saints.

Regards

RUnglaube

Alfonso said:

... and lit a candle to the saints.

good one!

Zyxel_Emily

Hi @Sam,

Anti-Spam can scan SMTP and POP3 which traffic is not encrypted.

Since TLS is encrypted data, it won’t be scanned.

If mails are SMTP and POP3, make sure Virus Outbreak Detection is enabled in Mail Scan.

To check if it is in the signature database, go to CONFIGURATION > UTM Profile > Anti-Virus > Signature, enter the virus name and click “Search”.

 

Besides, Kaspersky commercial/home product are file-based detection product. It will scan the whole file (when computer received completely) and then compare it to Kaspersky AV signatures. 

However, KAV on ZyWALL is designed for gateway anti-virus protection, it is stream-based detection method (checking packet one by one). So the signature database is different from file-based signature. 

These two are based on two different technology.