cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
AlexM
Level 8
Report Inappropriate Content
Message 1 of 4

Exceptions on WSG to download a specific file

Jump to solution

Hi,

 

I tried to download perl-5.28.2.tar.xz package from links (for example):

http://www.cpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz

http://cpan.metacpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz

http://distfiles.gentoo.org/distfiles/perl-5.28.2.tar.xz

Virus is detected everywhere and the gateway does not allow to download the file.

 

I would like to make exceptions for this file (perl-5.28.2.tar.xz). By the name of the file and not the domain/URL.

Tell me please in what chain of rules to do it correctly? In Enable Opener or Gateway Anti-Malware?

And how to make an exception by file name?

1 Solution

Accepted Solutions
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM,

 


@AlexM wrote:

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 


... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:

httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe

... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)

So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz

Best Regards
   Marcus

3 Replies
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM 

afaik there is no property or function that allows to fetch the filename on the GAM.
So i would suggest to add a new subrule to the Gateway Antimalware that checks full URL-paths where filenames are typically included, like on the following example:

2019-07-05 11_09_17-MWG-GAM-Bypass-byFilename.png

 

... this should do the trick.

Of course you also may use Wildcards on the filename, if necessary (see line 4 on the list in the above image)

Best regards
    Marcus

 

 

AlexM
Level 8
Report Inappropriate Content
Message 3 of 4

Re: Exceptions on WSG to download a specific file

Jump to solution

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 

Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM,

 


@AlexM wrote:

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 


... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:

httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe

... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)

So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz

Best Regards
   Marcus

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community