ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Antivirus Report

03.05.09   |  
‎03-05-2009 02:30 PM



How can I see the files that were infected and wich were recognized by the antivirus?

With the command “get av statistics” I see this:


No Scan: Max Msg:            0
No Scan: Max Content Size:   6
Fwd to Scan Engine: Total:   69234
Fwd to Scan Engine (scan-all):          0
Fwd to Scan Engine (scan-intelligent):  69226
Fwd to Scan Engine (scan-ext):          0
Scan Code: Clear             68961
Scan Code: Infect            230


Is there any report of these 230 files?



ScreenOS Firewalls (NOT SRX)

Re: Antivirus Report

03.06.09   |  
‎03-06-2009 10:54 AM



Actually, I think you need to review the "get event" log output to determine if virus has been detected.

The event log is going to look something like this :


IP address:integer->IP

address:string%.64sstringfile %.64s virus string

Meaning  The AV scanner has detected a virus in the traffic from the specified

source IP address and port number to the specified destination IP

address and port number. The text string at the end of the message

contains the name


The full Netscreen Event log can also be downloaded from the following go to the section on "CLI & Messages":

Ref to Chtp 6 : Antivirus




****pls click the button " Accept as Solution" if my post helped to solve your problem****