How to get the USG 40 to stop virus before entering my mailserver?

magnewi
magnewi Posts: 2  Freshman Member
edited April 2021 in Security
I'm having trouble getting this to work. Do you have a suggestion for setting it up?

Comments

  • magnewi
    magnewi Posts: 2  Freshman Member
    I downloaded the EICAR file from here: https://support.kaspersky.com/viruses/general/459 and the firewall does not stop it. But Win Defender does.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited February 2018
    Hello magnewi,
    I tested it locally with Firmware: 425AALA1ITS-WK51-r81231 and the USG can block it. (Mail from PCHome account)
    Please make sure you enable the Anti-virus profile, and enable Virus Outbreak Detection for this scenario.

    Charlie

  • Ian31
    Ian31 Posts: 165  Master Member
    But it's HTTPS. Will the USG40 intercept the encrypted traffic?

  • USG_User
    USG_User Posts: 369  Master Member
    I'm also interested in configuring the USG for A/V scanning in case all mail traffic is being sent over HTTPS / SSL.
    Any SSL chain interruption between source and final recipient should normally be considered a security threat. Insofar, and since all German ISPs have switched their e-mail traffic to SSL only, we have disabled any SSL inspection for SSL secured traffic.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Hi all,
    my last information from ZYXEL was that encrypted mail traffic is not scanned. They will implement in a future release the possibility to scan encrypted mail traffic like the unencrypted traffic.

    Perhaps @Zyxel_Charlie can post the current status of the implementation? :)

    regards
    Christian
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee

    Hello all,
    If you want to block the EICAR file (HTTPS download, encrypted traffic), the device needs to have SSL Inspection enabled (the USG40 does not support it).
    Moreover, just as Christian mentioned, the USG series does not scan encrypted mail traffic such as Gmail.
    Charlie

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Hello @Zyxel_Charlie,
    I got the information that a USG110 is also currently not able to scan encrypted mails :/
    Can you please confirm this and when ZYXEL plans to enable the scan for encrypted mail traffic?

    Thx and best regards
    Christian
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee

    Hello ChristianG,
    We are still evaluating this enhancement.
    Therefore, I would like to move the request "the encrypted mail traffic will be scanned by the device" to the Ideas section. Once your idea gets lots of Likes in the Ideas section, we will give it to our product developers to have it evaluated and tell you the feedback!
    Charlie

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Hello @Zyxel_Charlie
    If the functionality "mail scan" with encrypted mail traffic is not in scope... perhaps ZYXEL can plan to offer a UTM License bundle without the AntiSpam module ;)

    Regards
    Christian
