FLEX 200H - detects infected files but passes them on

HUBERTKASPRZAK · September 16

Hello, I have it FLEX 200 H - V1.21(ABWV.0)ITS-24WK35-m5760 device detects infected files but passes them on.

Zyxel_Judy · September 19

If the firewall alerts you that a malware-infected file has been found but the file was still forwarded to you, please ensure that the "Destroy Infected File" option is enabled under Security Services > Anti-Malware. This setting ensures that infected files are modified or blocked before being forwarded, preventing them from being executed.

If you have followed these steps but are still receiving infected files, please provide the following information for further investigation:

A screenshot of the relevant configuration
The type of issue encountered
Logs or screenshots showing the infected file passing through

HUBERTKASPRZAK · September 19

This is my configuration, it allows infected files or does not recognize them despite the infection of *.zip *.exe *.pdf files

HUBERT_KASPRZAK · September 25

For 1 month, Flex did not detect 40 infected files in mail, it only detected 2

Zyxel_Judy · October 1

HI @HUBERTKASPRZAK ,

This is my configuration, it allows infected files or does not recognize them despite the infection of *.zip *.exe *.pdf files

We are unclear about your message. Could you please provide the following information as a list?

A screenshot of the relevant configuration
The type of files encountered issue
Logs or screenshots showing the infected file passing through
How you confirmed that the files are infected after they passed through

HUBERT_KASPRZAK · October 1

After observing the device for 1 month with the FLEX 200 H - V1.21(ABWV.0)ITS-24WK35-m5760 software, I found that it did not detect 40 email infected with extensions*. bat, exe, pdf, rar, img, doc. Fortunately, Eset removed the threat after downloading the message. Attached is the 200H setting and a screenshot from Secureporter.I am able to send infected messages to test the operation of the device.

Zyxel_Judy · October 7

Hi @HUBERT_KASPRZAK ,

Could you clarify which email protocol your service uses? Is it server-to-server SMTP (encrypted) or POP3?

If using server-to-server SMTP (encrypted): In most cases, server-to-server communication runs over STARTTLS. When the mail service transmits using encryption, the firewall's anti-malware feature cannot inspect the traffic.
If using POP3 for mail receiving: Please provide the infected file, and we will analyze it and get back to you with feedback.

bbp · October 8

https://community.zyxel.com/en/discussion/comment/70255#Comment_70255

These days both POP3 and IMAP are encrypted too. @HUBERTKASPRZAK needs to configure "SSL inspection" for 200H to be able to inspect encrypted traffic.

HUBERT_KASPRZAK · October 8

Pop3, port standard 110. Please provide the e-mail address to which the virus messages should be sent

Zyxel_Nami · October 9

https://community.zyxel.com/en/discussion/comment/70295#Comment_70295

Hello @HUBERT_KASPRZAK

I have just sent you the private message, please provide the file there, thank you

Zyxel_Judy · November 14

Hi @HUBERT_KASPRZAK ,

Thank you for providing the test file.

Regarding our lab test: We used the EICAR test file to verify that our anti-malware software can effectively scan and remove detected files, as shown in this screenshot.

However, it failed to detect the email attachments you provided. We will investigate solutions to enhance the accuracy of antivirus signature detection.

FLEX 200H - detects infected files but passes them on

All Replies

Categories

Security Help Center