W32/Bagle.AA !tr
Analysis
- Reference W32/Bagle.AA-mm description.
Recommended Action
- Check the main screen using the web interface for
your FortiGate unit to ensure that the latest AV/NIDS
database has been downloaded and installed on your
system - if required, enable the "Allow Push
Update" option
- Using the FortiGate manager, enable blocking of
.PIF, .SCR, .EXE, .VBS, .HTA & .CPL files across
SMTP, POP3 and IMAP - it may require adding some of
these extensions to the list
- Using the FortiGate manager, define a service using
TCP port 2535 named "Bagle", then enable
blocking of this port