[SRX] Email notification is not sent when a virus is detected

Article ID: KB31375  KB Last Updated: 30 Dec 2016  Version: 1.0

Summary:

The SRX does not send a notification email when the anti-virus module on the device detects a virus.

Symptoms:

The SRX can use anti-virus to scan HTTP, POP3, IMAP and SMTP traffic passing through it for viruses. When a virus is detected and email notifications have been correctly configured, the SRX sends an email about the virus detection event to the address specified in the configuration.

In this case, a virus was detected in HTTP traffic passing through the SRX, but no email notification was sent to the admin. However, when a virus was detected on any other protocol (POP3, IMAP and SMTP), an email notification was sent successfully.

Solution:

This behavior is per the design and functionality of anti-virus:

  • Virus detected and blocked over HTTP – No notification email sent.

  • Virus detected and blocked over POP3, IMAP, SMTP – Notification email would be sent.

To monitor which viruses are being detected, syslog can be configured as follows:


system {
    syslog {
        /* Write messages matching RT_UTM-AV to the file antivirus-log */
        file antivirus-log {
            any any;
            match RT_UTM-AV;
        }
    }
}


The file will contain all events related to anti-virus, including virus detection alerts.
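
An added example, not part of the Juniper article: because HTTP detections never trigger the notification email, a script on the host that holds a copy of antivirus-log can build that alert from the log instead. The line layout shown in the comment, the port-80 test for HTTP, and the example.com addresses are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Assumed line layout (verify against your own antivirus-log file):
#   ... RT_UTM: ... Virus detected: from SRC:PORT to DST:PORT ... virus NAME ...
DETECTION = re.compile(
    r"RT_UTM.*?Virus detected: from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+).*?\bvirus (?P<virus>\S+)"
)

# Constructed sample lines (documentation addresses), not captured from a device.
SAMPLE_LOG = """\
Dec 30 10:01:02 srx1 RT_UTM: AV_VIRUS_DETECTED_MT: AntiVirus: Virus detected: from 203.0.113.7:80 to 192.0.2.15:51234 source-zone untrust file eicar.com virus EICAR-Test-File URL:203.0.113.7/eicar.com
Dec 30 10:01:09 srx1 RT_UTM: AV_VIRUS_DETECTED_MT: AntiVirus: Virus detected: from 203.0.113.7:80 to 192.0.2.22:40022 source-zone untrust file eicar.com virus EICAR-Test-File URL:203.0.113.7/eicar.com
Dec 30 10:02:30 srx1 RT_UTM: AV_VIRUS_DETECTED_MT: AntiVirus: Virus detected: from 198.51.100.9:25 to 192.0.2.30:33010 source-zone untrust file doc.exe virus Constructed.Sample URL:N/A
Dec 30 10:03:00 srx1 RT_UTM: some other antivirus event without a detection
"""


def parse_detections(lines, http_ports=(80,)):
    """Return detections whose source or destination port is an HTTP port."""
    events = []
    for line in lines:
        m = DETECTION.search(line)
        if m and {int(m["sport"]), int(m["dport"])} & set(http_ports):
            events.append(m.groupdict())
    return events


def build_alert(events, sender, recipient):
    """Summarise detections in one message; None when there is nothing to report."""
    if not events:
        return None
    counts = Counter(e["virus"] for e in events)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SRX antivirus: {len(events)} HTTP detection(s)"
    body = [f"{name}: {n} hit(s)" for name, n in counts.most_common()]
    body += [f"{e['src']}:{e['sport']} -> {e['dst']}:{e['dport']} {e['virus']}" for e in events]
    msg.set_content("\n".join(body))
    return msg


if __name__ == "__main__":
    events = parse_detections(SAMPLE_LOG.splitlines())
    print(build_alert(events, "srx-logs@example.com", "admin@example.com"))
```

The returned message can be handed to smtplib's SMTP.send_message on the log host; non-HTTP detections are skipped because the SRX already sends mail for those.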

To configure email notifications for AV on the SRX, refer to KB26517 - The detection/fallback notification mail is not being sent from the SRX device.
