pdf malware

Sam
Sam Posts: 11  Freshman Member
edited April 2021 in Security
I received an email with PDF malware attached.
Shouldn't the USG40 have blocked it?
It was blocked by Avast anti-virus software.


All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    Hi @Sam

    The answer to your question is: It depends.

    What does it depend on?

    - Some flows cannot easily be analyzed by the firewall, for example HTTPS. If the tunnel is between a PC and a web server, no one can decrypt that traffic.

    - Even if the file is transmitted over an unencrypted flow, the virus definitions database might not be updated. And even if it is updated, that virus might not be included (yet).

    I suggest uploading the file to:

    www.virustotal.com

    and verify that most new viruses are only detected by some antivirus products.

    From my point of view, no antivirus is better than the others for a long time.

    Today's best could be the worst next month or next year.

    The "best" strategy is to have several antiviruses at different layers of the network, as you have done.
    An antivirus on the firewall, and a different antivirus on the PC/Server ... and light a candle to the saints.

    Regards
  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    Alfonso said:
    ... and light a candle to the saints.
    :lol: good one!
    "You will never walk along"
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    Hi @Sam,

    Anti-Spam can scan SMTP and POP3, whose traffic is not encrypted.
    Since TLS traffic is encrypted data, it won't be scanned.
    If mails are sent over SMTP and POP3, make sure Virus Outbreak Detection is enabled in Mail Scan.
    To check if it is in the signature database, go to CONFIGURATION > UTM Profile > Anti-Virus > Signature, enter the virus name and click "Search".

    Besides, Kaspersky commercial/home products are file-based detection products. They scan the whole file (once the computer has received it completely) and then compare it to Kaspersky AV signatures.
    However, KAV on ZyWALL is designed for gateway anti-virus protection; it is a stream-based detection method (checking packets one by one), so the signature database is different from the file-based signature database.
    These two are based on two different technologies.
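The difference between file-based and stream-based detection that Zyxel_Emily describes is easy to see with a small simulation. The script below is an added example and is not code from the original thread or from Zyxel or Kaspersky; the "signature" byte pattern, the packet size and the PDF-like payload are all constructed. It compares a whole-file substring match, a naive per-packet match with no state, and a buffered streaming match that keeps the tail of the previous packet so a pattern straddling a packet boundary is still found.

```python
"""Constructed demo: file-based vs stream-based signature matching.

Nothing here is a real AV signature; the pattern is a placeholder chosen
only so that it straddles a packet boundary at the chosen packet size.
"""

# Hypothetical byte pattern standing in for an AV signature (constructed).
SIGNATURE = b"EICAR-LIKE-TEST-PATTERN"


def split_into_packets(data: bytes, mtu: int) -> list[bytes]:
    """Chop a transfer into fixed-size chunks, like packets on the wire."""
    if mtu <= 0:
        raise ValueError("mtu must be positive")
    return [data[i:i + mtu] for i in range(0, len(data), mtu)]


def file_based_scan(data: bytes, signature: bytes) -> bool:
    """Host AV style: the complete file is on disk, so a plain search works."""
    return signature in data


def naive_stream_scan(packets: list[bytes], signature: bytes) -> bool:
    """Per-packet matching with no carry-over between packets.

    This misses any pattern that is split across two packets, which is
    why a gateway scanner cannot simply reuse a file-based signature set.
    """
    return any(signature in pkt for pkt in packets)


def buffered_stream_scan(packets: list[bytes], signature: bytes) -> bool:
    """Gateway-style matching that remembers the last len(signature)-1 bytes.

    Keeping that small tail is enough to catch a pattern that straddles a
    packet boundary without buffering the whole file in memory.
    """
    carry_len = max(len(signature) - 1, 0)
    carry = b""
    for pkt in packets:
        window = carry + pkt
        if signature in window:
            return True
        carry = window[-carry_len:] if carry_len else b""
    return False


def demo(mtu: int = 16) -> dict:
    """Run all three scanners over a constructed PDF-like payload."""
    # Constructed payload: a fake PDF header, the placeholder pattern, a trailer.
    payload = b"%PDF-1.4 header bytes ..." + SIGNATURE + b" trailer"
    packets = split_into_packets(payload, mtu)
    return {
        "file_based": file_based_scan(payload, SIGNATURE),
        "naive_stream": naive_stream_scan(packets, SIGNATURE),
        "buffered_stream": buffered_stream_scan(packets, SIGNATURE),
    }


if __name__ == "__main__":
    for mtu in (16, 1000):
        print(f"mtu={mtu}: {demo(mtu)}")
```

With a 16-byte packet size the pattern starts at offset 25 of the payload, so it is split between the second and third packets: the file-based and buffered scanners report it, the naive per-packet scanner does not. With a packet size larger than the payload all three agree, which is the point of the thread: a gateway scanner sees the data in fragments and needs its own signature set and matching logic, and a TLS-wrapped transfer is not visible to it at all.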
