We have a rule called Bypass AV Scanning for Downloads over 300MB from Trusted Domains
with the following condition:
URL.Host.BelongstoTrustedDomains <List of Trusted Domains> equal true AND Body.Size greater than or equals 300000000
Action: Stop Rule Set (so it doesn't hit the Malware Scanning Rule)
Before this rule in the ruleset is an Enable Opener rule which the request/response will hit.
My question is the following:
Suppose I have a large zip file of 325MB that I have downloaded from one of my trusted domains. The zip file contains many files of sizes between 1 MB and 500MB which are extracted by the Enable Opener rule set.
Do any of the embedded files get scanned, as individually some are less than 300 MB?
Do none of the embedded files get scanned as the parent container has size greater than 300MB?
Do only those embedded files smaller than 300MB get scanned?