The Virus (GAV) report displays information on malware stopped by the Gateway AntiVirus security service. You can use this report to see the most common viruses that Gateway AntiVirus denies, and see information about how the viruses attempt to enter your network.
This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.
How to Use this Report
This report can help you identify areas where viruses could potentially enter your network so that you can take action. Here are some ways to use this report:
- Select the Virus (GAV) pivot to identify the types of viruses that are stopped by Gateway AntiVirus. You can also use this data to troubleshoot false positives (safe files that Gateway AntiVirus incorrectly identifies as a virus). If you identify files that cause false positives, add them to the File Exceptions list.
- Select the Host pivot to identify host computers that cause viruses to enter the network.
- Select the Protocol pivot to identify the protocols and policies that allow viruses to enter the network.
- Select the Email Sender pivot to identify email addresses that most frequently send emails that contain viruses to your users. If you want to deny all emails from a specific sender, you can configure the Address: Mail From ruleset in the SMTP-proxy. For more information, see SMTP-Proxy: Mail From/Rcpt To.
View the Report
This report is available in WatchGuard Cloud and in Dimension.
To view the report in WatchGuard Cloud:
- Log in to WatchGuard Cloud.
- Select Monitor > Fireboxes.
The Device Manager page appears.
- From the Device Manager list, select a folder or a specific device.
- To select the report date range, click the Calendar icon.
- From the list of reports, select Services > Virus (GAV).
The Virus (GAV) report appears.
To view the report in Dimension:
- To see reports for your Fireboxes or FireClusters, select Home > Devices.
The Devices list appears.
To see reports for your groups of Fireboxes, select Home > Groups.
The Groups list appears.
- Select the Name of a Firebox, cluster, or group.
The Tools > Executive Dashboard page appears.
- Select the Reports tab.
- Select Services > Virus (GAV).
The Virus (GAV) report appears.
You can use pivots to change the view of the data on the report.
To switch to a different view, select a pivot from the drop-down list above the report.
This report includes these pivots:
- Lists the names of viruses stopped by Gateway AntiVirus. A chart shows the number of times each virus was stopped. For each virus, the report shows the number of allowed and denied hits, and the percentage of all hits.
- Shows the trend of the total traffic scanned by Gateway AntiVirus compared to traffic where Gateway AntiVirus detected a virus. For each time period, the report shows the number of viruses detected and items scanned.
- Summary of the Gateway AntiVirus actions, organized by host computer. For each host, the report shows the number of allowed and denied hits, and the percentage of all hits.
- Summary of the Gateway AntiVirus actions, organized by the protocol used for the traffic. For each protocol, the report shows the number of allowed and denied hits, and the percentage of all hits.
- Summary of the Gateway AntiVirus actions, organized by the email address that sent the message. For each email address, the report shows the number of allowed and denied hits, and the percentage of all hits. Available for the SMTP and POP3 proxies.
To view a detailed report of all Gateway AntiVirus actions, click the View Details link at the top of the report.
The Virus (GAV) Detail report includes a row for each action taken by Gateway AntiVirus and displays this information:
| Column | Description |
|---|---|
| Disposition | Action taken by Gateway AntiVirus, such as Allowed or Dropped. |
| Time | Date and time that Gateway AntiVirus took the action. |
| Virus | Name of the virus that was stopped by Gateway AntiVirus. |
| Source | IP address of the traffic source. |
| Destination | IP address of the traffic destination. |
| Policy | Name of the Firebox policy that examined the traffic. |
| Protocol | Protocol used to send the traffic. |
| Sender | For email protocols, the email address of the sender. |
| Recipient | For email protocols, the email address of the recipient. |
| Hits | Number of hits. |
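The pivots described above are aggregations over these Detail rows. The following Python script is an added example, not WatchGuard code: it groups Detail rows by any column, computes allowed hits, denied hits and percentage of all hits, and lists detections whose disposition was Allowed so they can be reviewed first. The CSV layout, the sample rows and the rule that any disposition other than Allowed counts as denied are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real log data). Column names follow the
# Virus (GAV) Detail report table above; the CSV layout is an assumption.
SAMPLE_CSV = """Disposition,Time,Virus,Source,Destination,Policy,Protocol,Sender,Recipient,Hits
Dropped,2024-05-01 09:12:00,Example.Trojan.A,10.0.1.15,203.0.113.10,HTTP-proxy-Out,http,,,3
Allowed,2024-05-01 09:40:00,Example.Trojan.A,10.0.1.15,203.0.113.10,HTTP-proxy-Out,http,,,1
Dropped,2024-05-01 10:05:00,Example.Macro.B,198.51.100.7,10.0.1.20,SMTP-proxy-In,smtp,sender@example.com,user@example.org,4
Dropped,2024-05-01 11:30:00,Example.Macro.B,198.51.100.7,10.0.1.22,SMTP-proxy-In,smtp,sender@example.com,user2@example.org,2
"""


def load(text):
    return list(csv.DictReader(io.StringIO(text)))


def pivot(rows, column):
    """Group detail rows by `column`; return allowed/denied hits and % of all hits."""
    totals = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for row in rows:
        key = row[column] or "(none)"   # e.g. Sender is empty for non-email traffic
        hits = int(row["Hits"])
        # Assumption: every disposition other than "Allowed" counts as denied.
        bucket = "allowed" if row["Disposition"].strip().lower() == "allowed" else "denied"
        totals[key][bucket] += hits
    all_hits = sum(t["allowed"] + t["denied"] for t in totals.values())
    result = []
    for key, t in totals.items():
        hits = t["allowed"] + t["denied"]
        pct = round(100.0 * hits / all_hits, 1) if all_hits else 0.0
        result.append({"key": key, "allowed": t["allowed"], "denied": t["denied"], "percent": pct})
    # Most hits first, the order you would triage in.
    return sorted(result, key=lambda r: r["allowed"] + r["denied"], reverse=True)


def allowed_detections(rows):
    """Rows where a virus was detected but the traffic was allowed; review these first."""
    return [r for r in rows if r["Disposition"].strip().lower() == "allowed"]


if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    for col in ("Virus", "Source", "Protocol", "Sender"):
        print(col, pivot(rows, col))
    print("Allowed detections:", allowed_detections(rows))
```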
Enable Logging for this Report
To collect the data required for this report:
- In the General Settings for all proxy actions that have Gateway AntiVirus enabled, select Enable logging for reports.
- When you configure Gateway AntiVirus for a proxy action, select the Log check boxes for all Gateway AntiVirus actions. For more information, see Configure Gateway AntiVirus Actions.