Virus/Worm detected: Spyeye Protocol: UNKNOWN(255) Source IP: 192.168.32.6 Destination IP: 66.206.12.8 Email Address From: "N/A" Email Address To: "N/A" http://www.fortinet.com/ve?vn=Spyeye

date=2013-10-22 time=10:20:56 devname=FG100D3G........ devid=FG100D3G........ logid=0211008192 type=virus subtype=infected level=warning msg="File is infected." status="blocked" service=UNKNOWN(255) srcip=192.168.32.6 dstip=66.206.12.8 srcport=50727 dstport=80 srcintf="internal2" dstintf="ISP-Colt" policyid=30 identidx=0 sessionid=4795088 direction=N/A quarskip="No skip" virus="Spyeye" ref="http://www.fortinet.com/ve?vid=0" profile="default" srcname="roadrunner.local" osname="Mac OS X" osversion="10.8.5" unauthuser="g......." unauthusersource="forticlient" analyticssubmit="false"

It looks like it might have been a script on a web page that the user was browsing, which was trying to FTP down the Spyeye virus payload. But the message format is a bit confusing. It seems that the FortiGate A/V log lines have the same format regardless of whether it's web browsing, email, FTP, etc., which makes them a bit harder to read. And I'm new to FortiGate. So, did I interpret this correctly?

thanks,
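As an added example (not part of the original post, and not Fortinet's own code), the following Python script parses the FortiGate key=value log format shown above and reduces a type=virus record to the fields an analyst looks at first. The sample line is constructed to match the post's record; devname, devid and unauthuser are placeholders. The port-to-protocol table used when the firewall reports service=UNKNOWN(255) is an assumption of the example, not a FortiGate field.

```python
import re

# Constructed sample in the FortiGate key=value syslog format seen in the post.
# Device name, device ID and user name are placeholders, not values from the post.
SAMPLE_LOG = (
    'date=2013-10-22 time=10:20:56 devname=FGT-EXAMPLE devid=FGT-EXAMPLE '
    'logid=0211008192 type=virus subtype=infected level=warning '
    'msg="File is infected." status="blocked" service=UNKNOWN(255) '
    'srcip=192.168.32.6 dstip=66.206.12.8 srcport=50727 dstport=80 '
    'srcintf="internal2" dstintf="ISP-Colt" policyid=30 identidx=0 '
    'sessionid=4795088 direction=N/A quarskip="No skip" virus="Spyeye" '
    'ref="http://www.fortinet.com/ve?vid=0" profile="default" '
    'srcname="roadrunner.local" osname="Mac OS X" osversion="10.8.5" '
    'unauthuser="exampleuser" unauthusersource="forticlient" analyticssubmit="false"'
)

# One key=value token: the value is either double-quoted (and may contain
# spaces, as in msg="File is infected.") or a bare run of non-space characters.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> dict:
    """Split one FortiGate log line into a dict of field -> value, quotes removed."""
    fields = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


# Port-to-protocol fallback used only when the firewall reports service=UNKNOWN(255).
# This table is an assumption of the example, not a FortiGate field.
_PORT_HINTS = {20: "ftp-data", 21: "ftp", 22: "ssh", 25: "smtp", 80: "http",
               110: "pop3", 143: "imap", 443: "https", 993: "imaps", 995: "pop3s"}


def infer_service(fields: dict) -> str:
    """Return the service the firewall named, or a port-based guess if it was UNKNOWN."""
    service = fields.get("service", "")
    if service and not service.startswith("UNKNOWN"):
        return service.lower()
    try:
        port = int(fields.get("dstport", ""))
    except ValueError:
        return "unknown"
    return _PORT_HINTS.get(port, f"tcp/udp port {port}")


def summarize_av_event(fields: dict) -> dict:
    """Reduce a type=virus log record to the facts an analyst wants first."""
    return {
        "blocked": fields.get("status") == "blocked",
        "virus": fields.get("virus"),
        "client": fields.get("srcname"),
        "user": fields.get("unauthuser"),
        "src": f'{fields.get("srcip")}:{fields.get("srcport")}',
        "dst": f'{fields.get("dstip")}:{fields.get("dstport")}',
        "service": infer_service(fields),
        "policyid": fields.get("policyid"),
    }


if __name__ == "__main__":
    event = parse_fortigate_log(SAMPLE_LOG)
    for k, v in summarize_av_event(event).items():
        print(f"{k:9} {v}")
```

The parser is deliberately generic: FortiGate writes every log type (virus, webfilter, traffic) in the same key=value shape, so the same function handles all of them and the per-type interpretation lives in a small summarizer. Note that service=UNKNOWN(255) only says the unit did not name an application protocol; the record's dstport and srcname fields are the remaining hints about what the client was doing, and the port-based guess here is just that, a guess.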
Copyright 2024 Fortinet, Inc. All Rights Reserved.