Hi,
I tried to download perl-5.28.2.tar.xz package from links (for example):
http://www.cpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz
http://cpan.metacpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz
http://distfiles.gentoo.org/distfiles/perl-5.28.2.tar.xz
Virus is detected everywhere and the gateway does not allow to download the file.
I would like to make exceptions for this file (perl-5.28.2.tar.xz). By the name of the file and not the domain/URL.
Tell me please in what chain of rules to do it correctly? In Enable Opener or Gateway Anti-Malware?
And how to make an exception by file name?
Solved! Go to Solution.
Hi @AlexM,
@AlexM wrote:Thank.
But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?
... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:
httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe
... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)
So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz
Best Regards
Marcus
Hi @AlexM
afaik there is no property or function that allows to fetch the filename on the GAM.
So i would suggest to add a new subrule to the Gateway Antimalware that checks full URL-paths where filenames are typically included, like on the following example:
... this should do the trick.
Of course you also may use Wildcards on the filename, if necessary (see line 4 on the list in the above image)
Best regards
Marcus
Thank.
But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?
Hi @AlexM,
@AlexM wrote:Thank.
But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?
... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:
httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe
... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)
So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz
Best Regards
Marcus
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA