ScreenOS Firewalls (NOT SRX)
Reply
Contributor
Posts: 13
Registered: ‎07-22-2008
0

Antivirus Report


Hello,

 

How can I see the files that were infected and wich were recognized by the antivirus?

With the command “get av statistics” I see this:

 

No Scan: Max Msg:            0
No Scan: Max Content Size:   6
Fwd to Scan Engine: Total:   69234
Fwd to Scan Engine (scan-all):          0
Fwd to Scan Engine (scan-intelligent):  69226
Fwd to Scan Engine (scan-ext):          0
Scan Code: Clear             68961
Scan Code: Infect            230

 

Is there any report of these 230 files?

 

Thanks.

Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 789
Registered: ‎07-26-2008
0

Re: Antivirus Report

Hi

 

Actually, I think you need to review the "get event" log output to determine if virus has been detected.

The event log is going to look something like this :

 

Message AV: VIRUS FOUND:
IP address:integer->IP

address:string%.64sstringfile %.64s virus string

Meaning  The AV scanner has detected a virus in the traffic from the specified

source IP address and port number to the specified destination IP

address and port number. The text string at the end of the message

contains the name

 

The full Netscreen Event log can also be downloaded from the following go to the section on "CLI & Messages":

 http://www.juniper.net/techpubs/software/screenos/screenos6.0.0/index.html#CLI

Ref to Chtp 6 : Antivirus

 

 

 

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.