This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
102ac7c9-fa30-4
Explorer
‎2019-01-03 09:30 AM

receiving a lots of email antimalware alert email

hi, we are receiving lots of email antimalware , i applied fix describe her sk89160 but still sending emails

this is the alert

3Jan2019 11:51:21 ctl    fw1 >daemon mail description:PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network
 3Jan2019 11:51:22 ctl    fw1 >daemon mail description:PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

Any other fix that i could apply?

5 Replies
PhoneBoy
Admin
Admin
‎2019-01-05 12:26 AM

See: Numerous alert emails indicating that Anti-Malware blade has received PM Compile Error with reason: ... 

0 Kudos
102ac7c9-fa30-4
Explorer
‎2019-01-05 05:11 AM
In response to PhoneBoy

Thank you, but I made those adjustments recommended in the sk89160 (Detect the event when at least=200 and logs were occurred over a period of=600 )apply policies, the 27th of last week however on January 3 the alerts reappeared constantly for two hours and stopped at this time we could not find out which is the cause, is a real malware alert? or just an error that can be remedied by applying some other adjustment? and really that would be causing it.

The email alert :

 3Jan2019 11:51:22 ctl fw1 >daemon mail description:PM Compile error for request resourcecl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

3Jan2019 11:51:23 ctl fw1 >daemon mail description:PM Compile error for request resourcecl.ly/favicon.ico(+)response(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-05 09:29 AM
In response to 102ac7c9-fa30-4

I recommend opening a TAC case so we can investigate.

0 Kudos
Kevin_Vargo
Collaborator
‎2019-03-06 08:00 AM
In response to PhoneBoy

Is there an SK for an 80.20 mgmt server?  I've seen one of these every few weeks as well.

HeaderDateHour:  6Mar2019  9:36:45; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 6; Action: ctl; Origin: FWFRONT102; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; description: PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy; reason: LSS given by user is illegal; severity: 3; ProductName: New Anti Virus; ProductFamily: Network;

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-06 06:43 PM
In response to Kevin_Vargo

I don't see anything in the SK I mentioned that suggests it wouldn't also apply to R80.20 either.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events