ProxySG Access Log Shows No Data for the x-exception-id Field Although the AV System Detected a Virus

Article ID: 169352

Products

ProxySG Software - SGOS

Issue/Introduction

The access log field x-virus-id reports a specific virus ID, such as EICAR-Test-File, but x-exception-id does not contain virus_detected.

The access log values are as follows:
  • x-exception-id: -
  • s-action: a value other than TCP_DENIED, such as TCP_NC_MISS or TCP_MISS

With the default configuration, the ProxySG appliance logs the following values when a virus is detected:
  • x-exception-id: virus_detected
  • s-action: TCP_DENIED

Cause

The ProxySG logs these values, and this is expected, when your external_services configuration includes a check mark next to the use-vendor-virus-page option.

You can verify this in your proxy's Sysinfo file. Search it for the string: BEGIN external_services.

!- BEGIN external_services
use-vendor-virus-page
!- END external_services
 

Resolution

No action required.

The access log data appears to indicate that the infected content passed through.
However, when the AV system detects a virus, your client receives the vendor's exception page.
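
For log review, this means detections should be keyed on x-virus-id and not on x-exception-id or s-action. The following is an added example, not part of the original article or Broadcom code: it parses ELFF-style access log text and separates the two cases described above. The sample log lines, the field subset in the `#Fields:` directive, and the function and label names are constructed for illustration.

```python
import csv

# Constructed sample; the field list and values are assumptions for illustration.
SAMPLE_LOG = """\
#Fields: date time c-ip s-action sc-status cs-host x-exception-id x-virus-id
2024-01-10 09:15:01 10.0.0.5 TCP_NC_MISS 200 files.example.test - EICAR-Test-File
2024-01-10 09:15:07 10.0.0.6 TCP_DENIED 403 files.example.test virus_detected EICAR-Test-File
2024-01-10 09:15:09 10.0.0.7 TCP_MISS 200 www.example.test - -
"""

def parse_elff(text):
    """Yield one dict per record, taking column names from the #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            # Space-delimited; double-quoted values may contain spaces.
            values = next(csv.reader([line], delimiter=" "))
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def classify(rec):
    """Return None for clean traffic, else how the detection appears in the log."""
    if rec.get("x-virus-id", "-") in ("-", ""):
        return None
    if rec.get("x-exception-id") == "virus_detected" and rec.get("s-action") == "TCP_DENIED":
        return "proxy_exception_page"
    # Virus ID logged without a proxy exception: consistent with the
    # use-vendor-virus-page behaviour described in this article.
    return "vendor_virus_page"

def virus_events(text):
    """Return (client IP, virus ID, presentation) for every record with a virus ID."""
    events = []
    for rec in parse_elff(text):
        kind = classify(rec)
        if kind:
            events.append((rec["c-ip"], rec["x-virus-id"], kind))
    return events

if __name__ == "__main__":
    for event in virus_events(SAMPLE_LOG):
        print(event)
```

A report that filters only on x-exception-id=virus_detected or s-action=TCP_DENIED would miss the first sample record.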