cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

How to scan SFTP over SSH file transfers for virus or malware

L2 Linker

Hi all,

 

I just set up SSH decryption, also known as SSH proxy on the palo alto.

When I look at the actual sessions, I do see a checked box near to decrypted, so according to me the decryption itself works.

I also got a warning about a man in the middle attack after I enabled the decryption, because the keys changed.

 

Now what I want to achieve, is that SFTP file transfers are being scanned for virusses.

I downloaded the eicar.com test file to an external VPS on the internet, and I did SFTP to transfer this eicar.com file to a server I have protected by the palo alto and with SSH proxy decryption enabled.

 

Even though the palo sees the traffic, marks it as decrypted, and on the security antivirus is enabled, the palo does not seem to care about the fact that a virus is being uploaded.

 

What am I missing here?

 

Thank you for the pointers.

 

Who Me Too'd this topic