Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Anti Malware Blade - Log Definitions

Hello,

Checkpoint Anti Malware blade logs some reasons, as far as I understood, these logs mean as anti malware could not process the trafic, and because action is "accept" we need to manually control (or rely on other security products) if these traffic is malicious or not?

Could you please share the list of these reasons and definitions?

Example log:

<13>Sep 18 09:19:58 192.168.100.253 18Sep2019 09:19:58 accept x.x.x.x product: Anti Malware; src: y.y.y.y; s_port: 58780; dst: z.z.z.z; service: 25; proto: tcp; rule: ;LastUpdateTime: 1568787659;Suppressed logs: 1;__policy_id_tag: product=VPN-1 & FireWall-1[db_tag={.............};mgmt=xxxxxx;date=1568709586;policy_name=xxxxxxxxx];has_accounting: 0;i/f_dir: outbound;i/f_name: eth2-03;is_first_for_luuid: 0;logId: -1;log_id: 2;log_sequence_num: 59;log_type: log;log_version: 5;origin_sic_name: CN=xxxxxxxxxxxxxxxx-fw,O=xxxxxxxxxxxxxx..nmyete;reason: Mail processing timeout;received_bytes: 691;sent_bytes: 0;session_id: ;severity: 1;

 

some of Anti malware reasons:

Mail processing timeout, 

CFCHttpClient::ReadResponse() - Request timeout

Connection to center failed: Internal Server Error

 

0 Kudos
1 Reply
Highlighted
Champion
Champion

I would open a case with TAC for this issue !

0 Kudos