102ac7c9-fa30-4
Explorer

Receiving lots of antimalware alert emails

Hi, we are receiving lots of antimalware emails. I applied the fix described here, sk89160, but it is still sending emails.

This is the alert:

3Jan2019 11:51:21 ctl    fw1 >daemon mail description:PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network
 3Jan2019 11:51:22 ctl    fw1 >daemon mail description:PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

Is there any other fix that I could apply?

5 Replies
PhoneBoy
Admin

0 Kudos
102ac7c9-fa30-4
Explorer

Thank you, but I made the adjustments recommended in sk89160 (Detect the event when at least=200 and logs were occurred over a period of=600) and applied policies on the 27th of last week. However, on January 3 the alerts reappeared constantly for two hours and then stopped. At this time we could not find out what the cause is. Is it a real malware alert, or just an error that can be remedied by applying some other adjustment? And what would really be causing it?

The email alert:

 3Jan2019 11:51:22 ctl fw1 >daemon mail description:PM Compile error for request resourcecl.ly(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

3Jan2019 11:51:23 ctl fw1 >daemon mail description:PM Compile error for request resourcecl.ly/favicon.ico(+)response(+)Response malware name MALWARE-URL.TC.jvuy;reason:LSS given by user is illegal;severity:3;product:New Anti Virus;product_family:Network

0 Kudos
PhoneBoy
Admin

I recommend opening a TAC case so we can investigate.

0 Kudos
Kevin_Vargo
Collaborator

Is there an SK for an 80.20 mgmt server?  I've seen one of these every few weeks as well.

HeaderDateHour:  6Mar2019  9:36:45; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 6; Action: ctl; Origin: FWFRONT102; IfDir: >; InterfaceName: daemon; Alert: useralert; OriginSicName: N/A; description: PM Compile error for request resource cl.ly(+)Response malware name MALWARE-URL.TC.jvuy; reason: LSS given by user is illegal; severity: 3; ProductName: New Anti Virus; ProductFamily: Network;

0 Kudos
PhoneBoy
Admin

I don't see anything in the SK I mentioned that suggests it wouldn't also apply to R80.20 either.

0 Kudos
