FLEX 200H - detects infected files but passes them on
Hello, I have a FLEX 200 H - V1.21(ABWV.0)ITS-24WK35-m5760 device; it detects infected files but passes them on.
All Replies
-
Hi @HUBERTKASPRZAK ,
If the firewall alerts you that a malware-infected file has been found but the file was still forwarded to you, please ensure that the "Destroy Infected File" option is enabled under Security Services > Anti-Malware. This setting ensures that infected files are modified or blocked before being forwarded, preventing them from being executed.
If you have followed these steps but are still receiving infected files, please provide the following information for further investigation:
- A screenshot of the relevant configuration
- The type of issue encountered
- Logs or screenshots showing the infected file passing through
Judy
0 -
- This is my configuration, it allows infected files or does not recognize them despite the infection of *.zip *.exe *.pdf files
0 -
For 1 month, Flex did not detect 40 infected files in mail, it only detected 2
0 -
Hi @HUBERTKASPRZAK ,
This is my configuration, it allows infected files or does not recognize them despite the infection of *.zip *.exe *.pdf files
We are unclear about your message. Could you please provide the following information as a list?
- A screenshot of the relevant configuration
- The type of files that encountered the issue
- Logs or screenshots showing the infected file passing through
- How you confirmed that the files are infected after they passed through
Judy
0 -
- After observing the device for 1 month with the FLEX 200 H - V1.21(ABWV.0)ITS-24WK35-m5760 software, I found that it did not detect 40 emails infected with extensions *.bat, exe, pdf, rar, img, doc. Fortunately, ESET removed the threat after downloading the message. Attached is the 200H setting and a screenshot from SecuReporter. I am able to send infected messages to test the operation of the device.
0 -
Hi @HUBERT_KASPRZAK ,
Could you clarify which email protocol your service uses? Is it server-to-server SMTP (encrypted) or POP3?
- If using server-to-server SMTP (encrypted): In most cases, server-to-server communication runs over STARTTLS. When the mail service transmits using encryption, the firewall's anti-malware feature cannot inspect the traffic.
- If using POP3 for mail receiving: Please provide the infected file, and we will analyze it and get back to you with feedback.
Judy
0 -
These days both POP3 and IMAP are encrypted too. @HUBERTKASPRZAK needs to configure "SSL inspection" for 200H to be able to inspect encrypted traffic.
0 -
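The distinction drawn in the two replies above (STARTTLS on server-to-server SMTP, encrypted POP3/IMAP, versus plain POP3) can be checked from a session capture. The following is an added example, not part of any post and not Zyxel code: it decides whether a gateway without SSL inspection could see the mail in a session. The function names and the transcripts are constructed for illustration.

```python
# Added example. Transcripts are constructed samples, not captures from the thread.
IMPLICIT_TLS = {465: "SMTPS", 993: "IMAPS", 995: "POP3S"}
# protocol -> (TLS upgrade command, server's accepting reply, commands that move mail)
RULES = {
    "smtp": ("STARTTLS", "220", {"DATA", "BDAT"}),
    "pop3": ("STLS", "+OK", {"RETR", "TOP"}),
    "imap": ("STARTTLS", "OK", {"FETCH", "UID"}),
}

def first_word(protocol, line):
    words = line.split()
    if protocol == "imap":  # drop the tag ("a1", "*") that prefixes IMAP lines
        words = words[1:]
    return words[0].upper() if words else ""

def mail_visible(protocol, port, transcript):
    """transcript: list of (side, line) with side 'C' or 'S'.
    Returns (visible, reason) for a gateway that has no SSL inspection."""
    if port in IMPLICIT_TLS:
        return False, IMPLICIT_TLS[port] + ": TLS from the first byte"
    upgrade, accept, transfer = RULES[protocol]
    pending = False  # True while the client waits for the reply to its upgrade
    for side, line in transcript:
        word = first_word(protocol, line)
        if side == "C":
            if word in transfer:
                return True, word + " sent in cleartext"
            pending = word == upgrade
        elif pending:
            if word == accept:
                return False, upgrade + " accepted before any mail moved"
            pending = False  # upgrade refused, session stays plaintext
    return True, "no TLS upgrade and no mail transfer seen"

POP3_PLAIN = [("S", "+OK POP3 ready"), ("C", "USER alice"), ("S", "+OK"),
              ("C", "PASS constructed-password"), ("S", "+OK"), ("C", "RETR 1")]
POP3_STLS = [("S", "+OK POP3 ready"), ("C", "STLS"), ("S", "+OK Begin TLS")]
SMTP_REFUSED = [("S", "220 mx.example.test ESMTP"), ("C", "EHLO relay.example.test"),
                ("S", "250 STARTTLS"), ("C", "STARTTLS"), ("S", "454 TLS not available"),
                ("C", "MAIL FROM:<a@example.test>"), ("C", "DATA")]

if __name__ == "__main__":
    for name, proto, port, t in [("POP3/110", "pop3", 110, POP3_PLAIN),
                                 ("POP3+STLS", "pop3", 110, POP3_STLS),
                                 ("SMTP refused", "smtp", 25, SMTP_REFUSED),
                                 ("POP3S/995", "pop3", 995, [])]:
        print(name, mail_visible(proto, port, t))
```

A session reported as visible that still delivers an infected attachment points at signature coverage rather than encryption.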
POP3, standard port 110. Please provide the e-mail address to which the virus messages should be sent.
0 -
Hello @HUBERT_KASPRZAK
I have just sent you a private message; please provide the file there. Thank you.
Nami
0 -
Hi @HUBERT_KASPRZAK ,
Thank you for providing the test file.
Regarding our lab test: We used the EICAR test file to verify that our anti-malware software can effectively scan and remove detected files, as shown in this screenshot.
However, it failed to detect the email attachments you provided. We will investigate solutions to enhance the accuracy of antivirus signature detection.
Judy
0