VEER
New Contributor

Virus/Worm detected

Hi Guys, can anyone give some guidance and instructions regarding the following alert?

Message meets Alert condition

Virus/Worm detected: MSIL/Kryptik.PVO!tr Protocol: "POP3" Email Address
From: Email Address To:

VIRUS REFERENCE URL:
http://www.fortinet.com/ve?vn=MSIL%2FKryptik.PVO%21tr

date=2018-10-23 time=10:42:49 devname=FGT60D*******
devid=FGT60D******* logid="0211008192" type="utm" subtype="virus"
eventtype="infected" level="warning" vd="root" eventtime=1540302169 msg="File is infected." action="blocked" service="POP3"
sessionid=14262919 srcip=192.168.1.106 dstip=46.235.42.203 srcport=50423
dstport=110 srcintf="internal" srcintfrole="lan" dstintf="wan1"
dstintfrole="wan" policyid=1 proto=6 direction="incoming"
filename="QUOTATION.lzh" quarskip="No-skip" virus="MSIL/Kryptik.PVO!tr"
dtype="Virus"
ref="http://www.fortinet.com/ve?vn=MSIL%2FKryptik.PVO%21tr"
virusid=7918466 profile="default"
analyticscksum="d4173c2132635a07f864bcf68c9e0cff4b860145bec71574c87727a00e6d426e"
analyticssubmit="false" crscore=50 crlevel="critical"

1 Solution
bommi
Contributor III

Hi,

There is someone on your network who uses an e-mail client which connects to a POP3 mail server.

In the mailbox of this user there are mails with malware attachments.

The log file says that the FortiGate blocked the download of the malicious mail.

 

Regards

bommi

NSE 4/5/7
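
The Python below is an added example, not part of the original thread and not Fortinet code: it parses the key=value log line from the question and reports which LAN host was the mail client, which server it was talking to, and whether the file was blocked. The function names, and the rule that the endpoint behind the "lan" interface role is the client, are assumptions made for this example.

```python
import re

# Fields copied from the log in the question, rejoined onto one line.
SAMPLE = (
    'date=2018-10-23 time=10:42:49 devname=FGT60D******* logid="0211008192" '
    'type="utm" subtype="virus" eventtype="infected" level="warning" '
    'msg="File is infected." action="blocked" service="POP3" '
    'srcip=192.168.1.106 dstip=46.235.42.203 srcport=50423 dstport=110 '
    'srcintfrole="lan" dstintfrole="wan" direction="incoming" '
    'filename="QUOTATION.lzh" virus="MSIL/Kryptik.PVO!tr" '
    'ref="http://www.fortinet.com/ve?vn=MSIL%2FKryptik.PVO%21tr" '
    'analyticssubmit="false" crscore=50 crlevel="critical"'
)

# A value is either double-quoted (may contain spaces or '=') or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Return the log line as a dict of field name -> string value."""
    return {key: bare or quoted for key, quoted, bare in PAIR.findall(line)}


def triage(line):
    """Summarise an antivirus UTM event; return None for other log types."""
    f = parse_kv(line)
    if f.get("type") != "utm" or f.get("subtype") != "virus":
        return None
    # Assumption of this example: the endpoint behind the "lan" interface role
    # is the internal mail client and the other endpoint is the mail server.
    client, server = ("src", "dst") if f.get("srcintfrole") == "lan" else ("dst", "src")
    blocked = f.get("action") == "blocked"
    return {
        "client": f.get(client + "ip"),
        "server": f"{f.get(server + 'ip')}:{f.get(server + 'port')}",
        "service": f.get("service"),
        "file": f.get("filename"),
        "virus": f.get("virus"),
        "blocked": blocked,
        # If the file was not blocked it reached the client, so the host needs a scan.
        "host_needs_scan": not blocked,
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(f"{field:16} {value}")
```
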

VEER
New Contributor

Thanks, bommi.
