Question about threat logs - Type wildfire-virus


L4 Transporter

Hi all,

 

Just wondering why I see entries with the type wildfire-virus in our threat logs only for the application smtp...

 

(I would like to post some screenshots, but I can't find the upload button?)

 

What does the type wildfire-virus stand for? And where can I enable it for other applications as well?


L3 Networker

Hi @Hithead,

 

wildfire-virus is a subtype used for WildFire signatures delivered via the WildFire signature database, to differentiate them from regular anti-virus signatures.

In short,

AV signatures are identified using subtype virus.

Wildfire signatures are identified using subtype wildfire-virus.

 

Hope this helps.

 

Thank You.

 

Thank you very much for your response.

 

But I'm still wondering why I see wildfire-virus logs only in combination with smtp... I guess wildfire-virus should also track and identify threats on other protocols/applications as well...

 

 

Hi @Hithead

 

Sure, it should inspect traffic from other decoders as well.

[Screenshot: wildfire.JPG]

 

Wildfire action is set using the highlighted column in anti-virus profile.

 

You might need to check a lot of other factors:

1. What is the action for other decoders than smtp?

2. The policy to which the AV profile is applied. Does it process other kind of traffic?

3. If it does, does the other traffic actually carry any threat data?

4. Do you have any exceptions applied under applications tab in the screenshot above?

Etc.

 

Thank You.

1. What is the action for other decoders than smtp?

Action: all block; WildFire Action: all block

 

2. The policy to which the AV profile is applied. Does it process other kind of traffic?

No different AV profile is used between the other rules, but the policy for smtp only allows smtp (app-default) traffic.

 

3. If it does, does the other traffic actually carry any threat data?

Threat data on other policies is there (except wildfire-virus).

 

4. Do you have any exceptions applied under applications tab in the screenshot above?

Nope.
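To work through the checklist in the second reply (which decoders the virus and wildfire-virus subtypes actually fire on), a quick crosstab of the threat log by application helps. This is an added example, not code from the thread or from Palo Alto Networks; the column layout of the embedded log excerpt is a constructed, simplified assumption, and a real PAN-OS CSV/syslog export carries many more fields.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed, simplified threat-log excerpt (assumed column set, not a real export).
# Threat names and timestamps are made up for the example.
SAMPLE_THREAT_LOG = """receive_time,type,subtype,app,rule,action,threat_name
2024/01/10 08:01:02,THREAT,wildfire-virus,smtp,allow-mail,drop,Virus/Win32.WGeneric.sample1
2024/01/10 08:03:15,THREAT,virus,web-browsing,allow-web,reset-both,Virus/Win32.WGeneric.sample2
2024/01/10 08:04:40,THREAT,wildfire-virus,smtp,allow-mail,drop,Virus/Win32.WGeneric.sample3
2024/01/10 08:05:01,THREAT,virus,ftp,allow-ftp,drop,Virus/Win32.WGeneric.sample4
2024/01/10 08:07:22,THREAT,vulnerability,web-browsing,allow-web,alert,Sample Exploit Signature
2024/01/10 08:09:10,THREAT,virus,smtp,allow-mail,drop,Virus/Win32.WGeneric.sample5
"""

# The two AV-related subtypes explained in the first reply.
AV_SUBTYPES = ("virus", "wildfire-virus")


def count_by_app(log_text):
    """Return {app: {subtype: count}} for AV-related subtypes only.

    Other threat subtypes (vulnerability, spyware, ...) are skipped so the
    table shows just regular AV hits next to WildFire signature hits.
    """
    counts = defaultdict(lambda: {s: 0 for s in AV_SUBTYPES})
    for row in csv.DictReader(StringIO(log_text)):
        if row["type"] != "THREAT" or row["subtype"] not in AV_SUBTYPES:
            continue
        counts[row["app"]][row["subtype"]] += 1
    return dict(counts)


def apps_missing_wildfire(counts):
    """Apps where the regular AV decoder fires but no WildFire signature ever matched.

    These are the decoders/rules worth checking against the second reply's list
    (WildFire action per decoder, rule coverage, application exceptions).
    """
    return sorted(app for app, c in counts.items()
                  if c["virus"] > 0 and c["wildfire-virus"] == 0)


if __name__ == "__main__":
    table = count_by_app(SAMPLE_THREAT_LOG)
    print(f"{'app':<14}{'virus':>8}{'wildfire-virus':>16}")
    for app, c in sorted(table.items()):
        print(f"{app:<14}{c['virus']:>8}{c['wildfire-virus']:>16}")
    print("virus hits but never wildfire-virus:", apps_missing_wildfire(table))
```

Point the reader at an exported threat log instead of the embedded sample and the same two functions give the per-application picture the thread is asking about.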
