Operational Defect Database
BugZero found this defect 1325 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000bpXbSAI
Gateway AntiVirus misidentifies some macro-enabled Office documents as virus VBA.Heur.Mefisto.6.C6EAC02D.Gen
Last update date:
10/2/2020
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.5.x
12.6.x
Fixed releases:
All
Description:
Issue
Gateway AntiVirus can misidentify clean macro-enabled Microsoft Office documents as the VBA.Heur.Mefisto.6.C6EAC02D.Gen virus. This is not caused by a false positive with the Gateway AntiVirus signature provided by Bitdefender. The proxy makes a small change to the file as it passes from the proxy process to the Gateway AntiVirus engine for scanning, which results in the misclassification.
Workaround/Solution
For Office documents downloaded over HTTP/HTTPS, create an HTTP-proxy exception to bypass the Gateway AntiVirus scan. For Office documents received through POP3, IMAP, or SMTP proxies, add a Filenames rule to allow the file names by extension.
