cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
AlexM
AlexM
Level 8
Report Inappropriate Content
Message 1 of 4
‎07-05-2019 01:44 AM

Exceptions on WSG to download a specific file

Jump to solution

Hi,

 

I tried to download perl-5.28.2.tar.xz package from links (for example):

http://www.cpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz

http://cpan.metacpan.org/authors/id/S/SH/SHAY/perl-5.28.2.tar.xz

http://distfiles.gentoo.org/distfiles/perl-5.28.2.tar.xz

Virus is detected everywhere and the gateway does not allow to download the file.

 

I would like to make exceptions for this file (perl-5.28.2.tar.xz). By the name of the file and not the domain/URL.

Tell me please in what chain of rules to do it correctly? In Enable Opener or Gateway Anti-Malware?

And how to make an exception by file name?

0 Kudos
Reply
1 Solution

Accepted Solutions
marcus69
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 4 of 4
‎07-05-2019 04:14 AM

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM,

 

@AlexM wrote:

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 

... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:

httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe

... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)

So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz

Best Regards
   Marcus

Reply
3 Replies
Highlighted
marcus69
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 2 of 4
‎07-05-2019 02:23 AM

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM 

afaik there is no property or function that allows to fetch the filename on the GAM.
So i would suggest to add a new subrule to the Gateway Antimalware that checks full URL-paths where filenames are typically included, like on the following example:

2019-07-05 11_09_17-MWG-GAM-Bypass-byFilename.png

 

... this should do the trick.

Of course you also may use Wildcards on the filename, if necessary (see line 4 on the list in the above image)

Best regards
    Marcus

 

 

Reply
AlexM
AlexM
Level 8
Report Inappropriate Content
Message 3 of 4
‎07-05-2019 03:53 AM

Re: Exceptions on WSG to download a specific file

Jump to solution

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 

0 Kudos
Reply
marcus69
Reliable Contributor marcus69
Reliable Contributor
Report Inappropriate Content
Message 4 of 4
‎07-05-2019 04:14 AM

Re: Exceptions on WSG to download a specific file

Jump to solution

Hi @AlexM,

 

@AlexM wrote:

Thank.

But I want to exclude a specific file. Can i add *perl-5.28.2.tar.xz* via URL mathes function?

 

... of course, but i would'nt do it because you would allow that partial URL String from any URL and location, and even possibly domains with real malicious content.
An example:

httpx://translate.google.de/translate?hl=de&tab=wT0&sl=auto&tl=de&u=wikipedia.de&c=perl-5.28.2.tar.xz/ImAmaliciousFile.exe

... would also be bypassed by your wildcard match. (Of course this expample is not a real link, but very plausible and just to show you what might happen)

So my advice would be to more precise and restrict it to a trusted location, e.g. http://www.cpan.org/*perl-5.28.2.tar.xz

Best Regards
   Marcus

Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC