APT check many times

Hello,

we have a T40 from a customer who uses RDP to connect to a local server, inside the server runs a management system and the electronic psota on Thunderbird, I wanted to ask if any of you know how to prevent the APT engine from checking the same email several times seeing that there are about 4/5 open RDP sessions and that the account is IMAP the mail is on all sessions.

Thanks

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @toscanatlc

    APT (if it is invoked) caches an checksum of the file with a good or bad result to prevent subsequent scans. You should see a log line in traffic monitor with that checksum like:

    Allow 1-Trusted 0-External tcp 10.0.1.2 100.100.100.11 39965 25
    msg="ProxyAllow: SMTP File reported safe from APT hash check" proxy_
    act="SMTP-Outgoing.1" sender="tester@wgrd.com" recipients="wg@localhost"
    filename="regex2.dll" md5="547c43567ab8c08eb30f6c6bacb479a3" task_
    uuid="b8517202826a43fc93dba00f9e8c30ed" (SMTP-proxy-00)

    (log would be very similar for IMAP, I just have an SMTP example on hand.)

    If the MD5sum is different, the file will get scanned again.

    -James Carson
    WatchGuard Customer Support

  • Hi James,

    thanks, I realized now that I wrote nonsense, thanks

Sign In to comment.