Virus (GAV) Report

The Virus (GAV) report displays information on malware stopped by the Gateway AntiVirus security service. You can use this report to see the most common viruses that Gateway AntiVirus denies, and see information about how the viruses attempt to enter your network.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends the log messages required to generate this report, follow the steps in the Enable Logging for this Report section.

How to Use this Report

This report can help you identify areas where viruses could potentially enter your network so that you can take action. Here are some ways to use this report:

  • Select the Virus (GAV) pivot to identify the types of viruses that are stopped by Gateway AntiVirus. You can also use this data to troubleshoot false positives (safe files that Gateway AntiVirus incorrectly identifies as a virus). If you identify files that cause false positives, add them to the File Exceptions list.
  • Select the Host pivot to identify host computers that cause viruses to enter the network.
  • Select the Protocol pivot to identify the protocols and policies that allow viruses to enter the network.
  • Select the Email Sender pivot to identify email addresses that most frequently send emails that contain viruses to your users. If you want to deny all emails from a specific sender, you can configure the Address: Mail From ruleset in the SMTP-proxy. For more information, see SMTP-Proxy: Mail From/Rcpt To.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Virus (GAV)

Lists the names of viruses stopped by Gateway AntiVirus. A chart shows the number of times each virus was stopped. For each virus, the report shows the number of allowed and denied hits, and the percentage of all hits.

Activity Trend

Shows the trend of the total traffic scanned by Gateway AntiVirus compared to traffic where Gateway AntiVirus detected a virus. For each time period, the report shows the number of viruses detected and items scanned.

Host (HTTP)

Summary of the Gateway AntiVirus actions, organized by host computer. For each host, the report shows the number of allowed and denied hits, and the percentage of all hits.

Protocol

Summary of the Gateway AntiVirus actions, organized by the protocol used for the traffic. For each protocol, the report shows the number of allowed and denied hits, and the percentage of all hits.

Email Sender

Summary of the Gateway AntiVirus actions, organized by the email address that sent the message. For each email address, the report shows the number of allowed and denied hits, and the percentage of all hits. Available for the SMTP and POP3 proxies.

Detail View

To view a detailed report of all Gateway AntiVirus actions, click the View Details link at the top of the report.

The Virus (GAV) Detail report includes a row for each action taken by Gateway AntiVirus and displays this information:

Column       Description
-----------  ------------------------------------------------------------
Disposition  Action taken by Gateway AntiVirus, such as Allowed or Dropped.
Time         Date and time that Gateway AntiVirus took the action.
Virus        Name of the virus that was stopped by Gateway AntiVirus.
Source       IP address of the traffic source.
Destination  IP address of the traffic destination.
Policy       Name of the Firebox policy that examined the traffic.
Protocol     Protocol used to send the traffic.
Host         Host name.
Sender       For email protocols, the email address of the sender.
Recipient    For email protocols, the email address of the recipient.
Hits         Number of hits.

Enable Logging for this Report

To collect the data required for this report:

  • In the General Settings for all proxy actions that have Gateway AntiVirus enabled, select Enable logging for reports.
  • When you configure Gateway AntiVirus for a proxy action, select the Log check boxes for all Gateway AntiVirus actions. For more information, see Configure Gateway AntiVirus Actions.

See Also

WatchGuard Cloud Device Reports List
