https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10686#M7870 <HTML><HEAD></HEAD><BODY><P>If the firewall detects a virus or spyware in SMTP, a 541 response is sent to the sending SMTP server to indicate that the message was rejected. This allows the Palo Alto Networks firewall to effectively block viruses distributed over SMTP.</P><P></P><P>For POP3/IMAP, the only action the firewall will ever take is “alert”. The device will never block or drop for these protocols, even if you configure an action of “block”.</P></BODY></HTML> Thu, 08 Aug 2013 09:22:34 GMT harshanatarajan 2013-08-08T09:22:34Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10684#M7868 <HTML><HEAD></HEAD><BODY><P>Hey guys,</P><P></P><P>at a customer's location we have a PA for evaluation. Now we found that 2 viruses have been reported via SMTP. The AV policy was set to block for smtp. </P><P></P><P>Now the question is, how has this been treated. In the ACE exam there was the correct answer that it only alerts even if it set to block, but maybe this has changed in panos 5.0.6? Would be great to know, if the customer has a virus we could disinfect as a service or that the PA successfully defended the "holy grounds" <img id="smileywink" class="emoticon emoticon-smileywink" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /></P></BODY></HTML> Thu, 08 Aug 2013 09:13:11 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10684#M7868 vertical 2013-08-08T09:13:11Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10685#M7869 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Alert is just log the alert but do not block</P><P>Block is log the alert an block the stream.</P><P></P><P>Hope help </P><P></P><P>V.</P></BODY></HTML> Thu, 08 Aug 2013 09:20:10 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10685#M7869 VinceM 2013-08-08T09:20:10Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10686#M7870 <HTML><HEAD></HEAD><BODY><P>If the firewall detects a virus or spyware in SMTP, a 541 response is sent to the sending SMTP server to indicate that the message was rejected. This allows the Palo Alto Networks firewall to effectively block viruses distributed over SMTP.</P><P></P><P>For POP3/IMAP, the only action the firewall will ever take is “alert”. The device will never block or drop for these protocols, even if you configure an action of “block”.</P></BODY></HTML> Thu, 08 Aug 2013 09:22:34 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10686#M7870 harshanatarajan 2013-08-08T09:22:34Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10687#M7871 <HTML><HEAD></HEAD><BODY><P>thanks for that <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Thu, 08 Aug 2013 09:29:55 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10687#M7871 vertical 2013-08-08T09:29:55Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10688#M7872 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>just saw this threat because it was referenced in another Threat.</P><P></P><P>"For POP3/IMAP, the only action the firewall will ever take is “alert”. The device will never block or drop for these protocols, even if you configure an action of “block”."</P><P>--&gt; This is not correct.</P><P>If you set "block" Action the PA will terminate (Reset) a Session is a Virus is found in Pop3/IMAP.</P><P>Be aware that you will not be able to get any new Mail from this Server until you delete the Virus on Server Site.</P><P>(Because everytime your Client requests new Mails your whole Session to the Server will be reset, not only the one with the Virus in it)</P><P></P><P>Regards</P><P>Marco</P></BODY></HTML> Mon, 15 Dec 2014 09:13:32 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-block-action-for-mail-protocols/m-p/10688#M7872 MarcoLeckel 2014-12-15T09:13:32Z