About gmoss

We have a bunch of files that we created that we need to upload via ftp to a remote server through the PA. The files trip the virus detector in the PA.  Here's a syslog entry with some identifying information changed: 2014-06-16T15:22:31+10:00 10.84.1.33 [user warning] 22:31,000XXXXXXX,THREAT,virus,1,2014/06/16 15:22:25,10.84.20.250,50.28.93.0,0.0.0.0,0.0.0.0,I2E-ftp-rule-ftp,,,ftp,vsys1,Interior,External,ethernet1/2,ethernet1/1,mylog,2014/06/16 15:22:30,41521,1,36871,32182,0,0,0x0,tcp,deny,"myfile-06.06.0000-Beta-win64.exe",Virus/Win32.WGeneric.cpfjf(2455553),any,medium,client-to-server,236674,0x0,10.0.0.0-10.255.255.255,United States,0, I scanned these files with several AV programs including clamav and I was able to upload it to virustotal (through the PA!) where it scanned completely clean. If I turn off virus checking on our ftp rule then someone may be able to download files with viruses so I don't want to do that but we need these files uploaded. How to do that? ... View more

I have a PA-500 5.0.6 From inside my network I see an MTU maximum of 1023.  From outside through my ISP I see the MTU that I expect of 1492.  Traffic through the PA sees an MTU of 1023.  I haven't changed the interfaces.  Is this possible to fix?  Where in the PA config would I look? bb33@bb33-vlinux:~  $ ping -s 995 google.com PING google.com (74.125.237.96) 995(1023) bytes of data. 1003 bytes from syd01s12-in-f0.1e100.net (74.125.237.96): icmp_req=1 ttl=52 time=29.8 ms 1003 bytes from syd01s12-in-f0.1e100.net (74.125.237.96): icmp_req=2 ttl=52 time=29.6 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 29.673/29.782/29.892/0.204 ms bb33@bb33-vlinux:~ 1 $ ping -s 996 google.com PING google.com (74.125.237.201) 996(1024) bytes of data. ^C --- google.com ping statistics --- 36 packets transmitted, 0 received, 100% packet loss, time 35253ms bb33@bb33-vlinux:~ 1 $ ... View more