Operational Defect Database
BugZero found this defect 3454 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3jvSAA
Virus-infected file remnants may be released before AV scan is complete
Last update date:
12/4/2015
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
11.x
11.1.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
Fixed releases:
v11.10.7
Description:
Issue
When you configure an SMTP or POP3 Proxy policy to use Gateway AV or APT Blocker with the action set to Remove detected viruses, a user can still receive part of a virus-infected file.
Workaround/Solution
For emails received through SMTP connections, you can simply drop the entire connection instead of trying to strip the virus or quarantine the email. To set this up through Fireware Web UI: Select Subscription Services > Gateway AV. Select the SMTP Proxy action that handles inbound email.Click Configure. From the When a virus is detected drop-down menu, select Drop. Click SAVE to confirm the configuration change. The default action for APT is Drop. If you have changed this to Quarantine, you must change it back to Drop to prevent the partial attachments issue.
