[SRX] Email notification is not sent when a virus is detected

  [KB31375]


Summary:

The SRX does not send a notification email when its anti-virus module detects a virus.

Symptoms:

The SRX can scan HTTP, POP3, IMAP and SMTP traffic passing through it for viruses using its anti-virus module. When a virus is detected and email notifications are correctly configured, the SRX sends an email about the detection event to the address specified in the configuration.

In this case, a virus was detected in HTTP traffic passing through the SRX, and no email notification was sent to the admin. However, when a virus was detected on any other protocol (POP3, IMAP and SMTP), an email notification was sent successfully.

Solution:

This behavior is by design and reflects how the anti-virus feature works:

  • Virus detected and blocked over HTTP – no notification email is sent.

  • Virus detected and blocked over POP3, IMAP, SMTP – a notification email is sent.

To monitor which viruses are being detected, syslog can be configured as follows:


syslog {
    file antivirus-log {
        any any;
        match RT_UTM-AV;
    }
}


The file will contain all events related to anti-virus, including virus detection alerts.

To configure email notifications for AV on the SRX, refer to KB26517 - The detection/fallback notification mail is not being sent from the SRX device.
