https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-R80-10-MTA-now-includes-AV-blade-features/m-p/41040#M13595 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>so with the following MTA takes you got AV blade support INSIDE MTA for R80.10 and R80.20:</P><P></P><TABLE style="color: #000000; background-color: #ffffff; font-size: 14px; width: 663px;"><TBODY><TR><TD style="width: 55px;">24.10.18</TD><TD style="width: 82px;"><P><STRONG>R80_10_mta</STRONG></P><P><STRONG>Take 21</STRONG></P></TD><TD style="width: 109px;">8010.991003028&nbsp;</TD><TD style="width: 390px;"><UL><LI>Alignment to R80.20 MTA engine update <UL><LI>Anti-Virus over MTA support</LI></UL></LI></UL></TD></TR></TBODY></TABLE><P></P><TABLE style="color: #000000; background-color: #ffffff; font-size: 14px;"><TBODY><TR><TD>10.10.18</TD><TD><P><STRONG>R80_20_mta</STRONG></P><P><STRONG>Take 7</STRONG></P></TD><TD>8020.991002075</TD><TD><P>The following are available in R80.20 Gateway &amp; Management:</P><UL><LI>Anti-Virus over MTA support</LI></UL></TD></TR></TBODY></TABLE><P></P><P><A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123174" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123174">Mail Transfer Agent Update - What&amp;apos;s New</A>&nbsp;</P><P></P><P>Make sure you have installed latest take via CPUSE:</P><P></P><P><IMG __jive_id="74787" class="image-1 jive-image" height="260" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74787_pastedImage_2.png" width="969" /></P><P></P><P></P><P><STRONG>AV configuration</STRONG></P><P></P><P>So with these takes you get AV feature inside MTA.</P><P>This means you configure AV as usual in your profile and this will be enforced on email inside MTA (no stream blocking issues anymore):</P><P></P><P><IMG __jive_id="74789" class="image-2 jive-image" height="195" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74789_pastedImage_3.png" width="967" /></P><P></P><P><IMG __jive_id="74790" class="image-3 jive-image" height="347" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74790_pastedImage_4.png" width="683" /></P><P><IMG __jive_id="74791" class="jive-image image-4" height="633" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74791_pastedImage_5.png" width="682" /></P><P></P><P></P><P><STRONG>AV action</STRONG></P><P></P><P>The action that is taken by AV is shared also with TE in this section of the TP profile:</P><P></P><P><IMG __jive_id="74797" class="image-9 jive-image" height="682" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74797_pastedImage_15.png" width="677" /></P><P></P><P></P><P><STRONG>AV logging</STRONG></P><P></P><P>After enabling you will see malicious AV events in MTA:</P><P></P><P><IMG __jive_id="74792" class="image-5 jive-image" height="216" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74792_pastedImage_6.png" width="938" /></P><P></P><P><IMG __jive_id="74794" class="image-6 jive-image" height="691" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74794_pastedImage_8.png" width="707" /></P><P></P><P></P><P><STRONG>AV file type blocking</STRONG></P><P></P><P>You can also leverage AV´s file blocking capabilities including Magic Byte detection.</P><P>Here is a sample configuration to block all Executables directly attached to email messages:</P><P></P><P><IMG __jive_id="74796" class="jive-image image-8" height="510" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74796_pastedImage_10.png" width="551" /></P><P><IMG __jive_id="74798" class="jive-image image-10" height="205" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74798_pastedImage_17.png" width="551" /></P><P></P><P>And the related log:</P><P></P><P><IMG __jive_id="74799" class="image-11 jive-image" height="626" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74799_pastedImage_18.png" width="647" /></P><P></P><P>Regards Thomas</P></BODY></HTML> Wed, 21 Nov 2018 15:33:39 GMT Thomas_Werner 2018-11-21T15:33:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-R80-10-MTA-now-includes-AV-blade-features/m-p/41040#M13595 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>so with the following MTA takes you got AV blade support INSIDE MTA for R80.10 and R80.20:</P><P></P><TABLE style="color: #000000; background-color: #ffffff; font-size: 14px; width: 663px;"><TBODY><TR><TD style="width: 55px;">24.10.18</TD><TD style="width: 82px;"><P><STRONG>R80_10_mta</STRONG></P><P><STRONG>Take 21</STRONG></P></TD><TD style="width: 109px;">8010.991003028&nbsp;</TD><TD style="width: 390px;"><UL><LI>Alignment to R80.20 MTA engine update <UL><LI>Anti-Virus over MTA support</LI></UL></LI></UL></TD></TR></TBODY></TABLE><P></P><TABLE style="color: #000000; background-color: #ffffff; font-size: 14px;"><TBODY><TR><TD>10.10.18</TD><TD><P><STRONG>R80_20_mta</STRONG></P><P><STRONG>Take 7</STRONG></P></TD><TD>8020.991002075</TD><TD><P>The following are available in R80.20 Gateway &amp; Management:</P><UL><LI>Anti-Virus over MTA support</LI></UL></TD></TR></TBODY></TABLE><P></P><P><A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123174" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123174">Mail Transfer Agent Update - What&amp;apos;s New</A>&nbsp;</P><P></P><P>Make sure you have installed latest take via CPUSE:</P><P></P><P><IMG __jive_id="74787" class="image-1 jive-image" height="260" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74787_pastedImage_2.png" width="969" /></P><P></P><P></P><P><STRONG>AV configuration</STRONG></P><P></P><P>So with these takes you get AV feature inside MTA.</P><P>This means you configure AV as usual in your profile and this will be enforced on email inside MTA (no stream blocking issues anymore):</P><P></P><P><IMG __jive_id="74789" class="image-2 jive-image" height="195" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74789_pastedImage_3.png" width="967" /></P><P></P><P><IMG __jive_id="74790" class="image-3 jive-image" height="347" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74790_pastedImage_4.png" width="683" /></P><P><IMG __jive_id="74791" class="jive-image image-4" height="633" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74791_pastedImage_5.png" width="682" /></P><P></P><P></P><P><STRONG>AV action</STRONG></P><P></P><P>The action that is taken by AV is shared also with TE in this section of the TP profile:</P><P></P><P><IMG __jive_id="74797" class="image-9 jive-image" height="682" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74797_pastedImage_15.png" width="677" /></P><P></P><P></P><P><STRONG>AV logging</STRONG></P><P></P><P>After enabling you will see malicious AV events in MTA:</P><P></P><P><IMG __jive_id="74792" class="image-5 jive-image" height="216" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74792_pastedImage_6.png" width="938" /></P><P></P><P><IMG __jive_id="74794" class="image-6 jive-image" height="691" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74794_pastedImage_8.png" width="707" /></P><P></P><P></P><P><STRONG>AV file type blocking</STRONG></P><P></P><P>You can also leverage AV´s file blocking capabilities including Magic Byte detection.</P><P>Here is a sample configuration to block all Executables directly attached to email messages:</P><P></P><P><IMG __jive_id="74796" class="jive-image image-8" height="510" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74796_pastedImage_10.png" width="551" /></P><P><IMG __jive_id="74798" class="jive-image image-10" height="205" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74798_pastedImage_17.png" width="551" /></P><P></P><P>And the related log:</P><P></P><P><IMG __jive_id="74799" class="image-11 jive-image" height="626" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74799_pastedImage_18.png" width="647" /></P><P></P><P>Regards Thomas</P></BODY></HTML> Wed, 21 Nov 2018 15:33:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/R80-20-R80-10-MTA-now-includes-AV-blade-features/m-p/41040#M13595 Thomas_Werner 2018-11-21T15:33:39Z