ISA550W Antivirus: eicar testfile download

Hi,

I recently bought an ISA550W and am currently evaluating the security features - therefore I tried to download the Eicar "dummy" test virus.

I expected the ISA550W to deny the download, but it got through without a warning.

I tried to download the file from http://www.etes.de/downloads/eicar-testvirus/?file=tl_files/etes/downloads/anwenden/eicar.com, as the eicar website seems to get blocked by one of the other security services.

So the question is:

- is the antivirus service really working?

- how would that be tested typically?

Thanks!

8 REPLIES

I don't know how you have done the AntiVirus setup, but I promise you this is working. This is always the first thing I do with every virus scanner, to see what happens when the program stops or prevents the download.

Can you send screenshots of the configuration you have done?

Regards!

Thanks a lot!

Torsten Jahnke
founder and inventor of keweonDNS

Hmm,

I tried again this morning and now I get a disconnect (as expected) - so it seems to work now (I made a few changes yesterday, so probably that was not enabled correctly).

However I do not see this event in the "security reports"/"Anti virus", although I do see other events in there (so antivirus seems to do its work). Looking at the IP address in the logs this seems to get blocked by the IDS rules (I do see the www.etes.de IP address being blocked in the "security reports"/"IDS").

What is also interesting is that the IDS rules also seem to block the Wikipedia page on the EICAR test (http://de.wikipedia.org/wiki/EICAR-Testdatei) but it does not block the same page accessed over https (https://de.wikipedia.org/wiki/EICAR-Testdatei).

So the questions are now:

  • As the IDS seems to have priority over the antivirus service, how to test if the antivirus is working (other than switching off the IDS)?
  • Are antivirus and IDS working over https at all or am I missing something (is there a builtin https proxy and how to enable that)?

Thanks!

Hello H. Erne,

I tested from our lab here by going to the site - http://www.eicar.org/85-0-Download.html

-From there each time I tried to download using one of the HTTP links, the connection was blocked or reset. This is good news.

-When I tried to download using the HTTPS connections, however, it did let me download them. This is not such good news.

I am certain that this is due to the handling of traffic. When connecting with HTTPS, the secure session is set up without issue followed by traffic passing. The ISA is not able to read encrypted traffic and thus it is allowed.

Just remember the ISA is a major security enhancement, but not a total substitute for local protections.
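
Added example, not part of the thread or written by any poster: a small Python probe that repeats the HTTP versus HTTPS comparison described above and reports, per URL, whether the test file reached the client. The function names and the `test-server.example` URLs are hypothetical placeholders.

```python
import http.client
import urllib.error
import urllib.request

# Substring of the EICAR test file; enough to recognise it without
# embedding the full signature in this script.
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def fetch(url, timeout=10):
    """Return (status, body); status is None when the connection failed."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as exc:  # gateway or server error page
        return exc.code, exc.read(4096)
    except (OSError, http.client.HTTPException):  # reset, timeout, DNS failure
        return None, b""


def classify(status, body):
    """Map one download attempt to what the gateway did with it."""
    if status is None:
        return "blocked (connection reset or dropped)"
    if MARKER in body:
        return "DELIVERED (test file reached the client)"
    return "blocked or replaced (HTTP %s, no test file in body)" % status


def compare(urls, fetcher=fetch):
    """Probe each URL and return {url: verdict}."""
    return {url: classify(*fetcher(url)) for url in urls}


if __name__ == "__main__":
    # Placeholder URLs (assumption): substitute the HTTP and HTTPS
    # locations of the same test file on a server you may use.
    targets = ["http://test-server.example/eicar.com",
               "https://test-server.example/eicar.com"]
    for url, verdict in compare(targets).items():
        print(url, "->", verdict)
```

Run it from a client behind the gateway with local antivirus web filtering out of the path, otherwise a block may come from the endpoint rather than the appliance. A "DELIVERED" verdict only on the HTTPS URL matches the behaviour reported in the lab test above.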

Hi,

it is perfectly clear, that the ISA500 is not a 100% security solution, however I try to understand what its features and limitations are - there are a lot of features built in and it is quite difficult to get a feeling on what is in the box and what not...

The competitors (at least Fortinet's FortiGate C-Series, not sure about SonicWall TZ) support that - they can inspect all SSL traffic - so their AV/IDS works over https encrypted connections also - which from a security point of view is a clear advantage...

Regards!

Hi,

The HTTPS support to inspect AV/IPS traffic is in our road-map and will be supported soon.

Regards,

Jeff

Hi Jeff,

that's really good news! Is there already a schedule for this?

Thanks for your efforts on improving the ISA500 and best regards!

Hi,

The schedule is not available yet. Please continue to check back with the team for updates. Thanks for your support on ISA500.

Regards,

Jeff

Hi,

about 5 months later... What about the HTTPS support on the roadmap? Will this be implemented now that the devices are EOL'ed?