at a customer's location we have a PA for evaluation. Now we found that 2 viruses have been reported via SMTP. The AV policy was set to block for smtp.
Now the question is, how has this been treated. In the ACE exam there was the correct answer that it only alerts even if it set to block, but maybe this has changed in panos 5.0.6? Would be great to know, if the customer has a virus we could disinfect as a service or that the PA successfully defended the "holy grounds" :smileywink:
Solved! Go to Solution.
If the firewall detects a virus or spyware in SMTP, a 541 response is sent to the sending SMTP server to indicate that the message was rejected. This allows the Palo Alto Networks firewall to effectively block viruses distributed over SMTP.
For POP3/IMAP, the only action the firewall will ever take is “alert”. The device will never block or drop for these protocols, even if you configure an action of “block”.
just saw this threat because it was referenced in another Threat.
"For POP3/IMAP, the only action the firewall will ever take is “alert”. The device will never block or drop for these protocols, even if you configure an action of “block”."
--> This is not correct.
If you set "block" Action the PA will terminate (Reset) a Session is a Virus is found in Pop3/IMAP.
Be aware that you will not be able to get any new Mail from this Server until you delete the Virus on Server Site.
(Because everytime your Client requests new Mails your whole Session to the Server will be reset, not only the one with the Virus in it)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!