mhdganji
Explorer III
June 26, 2022
Solved

AntiVirus behaviour against different files

  • June 26, 2022
  • 1 reply
  • 4807 views

I set up SSL deep inspection and am now able to find the viruses in HTTPS links too, but while testing this with TekDefense.com (http://www.tekdefense.com/downloads/malware-samples/)

some files are recognized but some are not. For instance:

 

This one is recognized and blocked

http://www.tekdefense.com/downloads/malware-samples/malz4.zip

 

but these are downloaded and not blocked

http://www.tekdefense.com/downloads/malware-samples/malz5.zip

http://www.tekdefense.com/downloads/malware-samples/yitaly.exe.zip

 

I'm using the firewall in proxy mode (it provides Internet to users via web proxy), and the main policy rule that provides Internet is proxy-based.

 

Would you please give me hints on what the root cause is? The file size? The virus types? The file types, or something else?

 

Regards,

Mohammad

Best answer by alizardo

Hi,

 

Please take a look at the “archive-block” “encrypted” option for each specific protocol under the av profile.

 

Regards,

Alexis
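As an added illustration of the option alizardo points to (not part of the answer, and not taken from the asker's unit): a FortiOS CLI fragment that blocks encrypted archives instead of letting them through unscanned, and that also raises the oversize ceiling the original question asks about. The profile and policy names are placeholders, `<policy-id>` is the asker's existing proxy-based policy, and the exact keyword set (`av-scan` versus the older `options scan`, the oversize maximum, which depends on the model) is an assumption to be checked against the CLI reference for the FortiOS version in use.

```fortios
# Antivirus profile: treat encrypted (password-protected) and corrupted
# archives as blocked on the proxy-inspected protocols, and log them.
# Assumption: FortiOS 7.x syntax; 6.x uses "set options scan" instead of
# "set av-scan block".
config antivirus profile
    edit "av-strict"
        config http
            set av-scan block
            set archive-block encrypted corrupted
            set archive-log encrypted corrupted
        end
        config ftp
            set av-scan block
            set archive-block encrypted corrupted
            set archive-log encrypted corrupted
        end
    next
end

# Protocol options: raise the scan size ceiling (MB) and block, rather than
# pass, anything that still exceeds it. Without "oversize" in options an
# oversized file is passed through unscanned.
config firewall profile-protocol-options
    edit "proto-strict"
        config http
            set oversize-limit 100
            set options oversize
        end
    next
end

# Attach both, together with deep inspection, to the proxy-based policy
# that gives users Internet access. <policy-id> is a placeholder.
config firewall policy
    edit <policy-id>
        set inspection-mode proxy
        set utm-status enable
        set av-profile "av-strict"
        set profile-protocol-options "proto-strict"
        set ssl-ssh-profile "deep-inspection"
    next
end
```

The `archive-block encrypted` setting is what turns a password-protected ZIP from "cannot be scanned, pass" into "cannot be scanned, block"; `archive-log` only records the event, so set both. Check the resulting verdict in the AV log (the blocked-archive reason appears there) rather than relying on the download failing in the browser.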

1 reply

vponmuniraj
Staff
June 26, 2022

Hi Mohammad,

 

If you suspect that files are not detected as viruses when they should be, please report them using the link https://www.fortiguard.com/faq/onlinescanner

 

 

Regards,

 

mhdganji (Author)
Explorer III
June 27, 2022

Hi,

Thanks. I downloaded the file mal5.zip from the link above and tested it with 3 AV solutions, which detected most of them as viruses, whereas the FortiGate allowed the password-protected file to be downloaded.

Anyway, I need these:

 

Do not allow password protected files (ZIP, RAR, TAR, ...) to be downloaded at all.

Make sure all files of all sizes are scanned, and if there is any such setting on the FortiGate unit, where is it?

 

BTW, if I change the extension of a password-protected zip file or an exe file to something like JPG, is FortiGate still able to detect the real format and do its AV scan job?

 

Regards,

 

mhdganji (Author)
Explorer III
July 2, 2022

Hi again,

Isn't there any policy or way to do this, at least?

 

Do not allow password protected files (ZIP, RAR, TAR, ...) to be downloaded at all.