Is there a way to use the McAfee Web Gateway to block the ability to download or access links with "*.scr" in the URL (or any extension). In McAfee's response to W32/VBMania@mm they listed ways to prevent getting the virus using products like:
Email Gateway 6.7.2
Email Gateway Control Center
GroupShield for Exchange 7.0
VirusScan Enterprise 8.5i
VirusScan Enterprise 8.7i
They also mention that TrustedSource Web Reputation will have the URL blocked (which is good). But I am wondering if I can configure a filter to block this type of activity.
Thanks for your help.
There are a couple of ways to do it, but you can use the filter by expressions list in 6.x, which is located under URL Filter > Filter by Expressions and then set 'Matching Shell Expression' to Block. Then below next to 'Add new shell expression' enter it as a string, then just put in 'http://*.scr*' without the quotes.
The same could be done in the Common > HTTP Method Filter List, you could block all 'GET' requests, with 'http://*.scr*' and set the action to 'Block'.
Alternativley on 7.x, you could just say block any URL that contains or matches on 'http://*.scr*'.