1 of 1 people found this helpful
Are you asking if you can obtain the specific file (embedded within the 1GB file) that caused the detection? Yes. See https://kc.mcafee.com/corporate/index?page=content&id=KB62662 specifically the "Virus to file" PDF.
Can you store the 1GB file, maybe. Would you want to? I dont think it would be a good idea.
Thanks for the response! That KB article takes care of something flagged as a virus. What about something that's downloaded completely and then when it's opened and scanned it detects a media-type that is filtered? I ask this because we had a very large download that was a critical system update that just happened to have an audio file in their documentation folder within the archive. We've since removed the block for audio files, but if we hadn't would there be a way to get to that file or does the gateway delete it as soon as it sees a policy violation?
My guess is there's only two answers for this...No, we can't get to it. Or yes, but it's the same way as mentioned in the about KB article. Either answer will definitely be appreciated. Thanks!
Hi again Trevor,
For the situation where MWG downloads something and THEN finds a violation for an embedded file, I would have to say no to being able to store the original file.
The reason is, we only are able to "quarantine" a file when we find it.
So MWG is scanning a file, opening it, doing its thing...
We would have to write the original file to quarantine (the 1GB file) in order to accomplish what you want. BUT, the original file isnt what the MWG detected as a violation, it found an embedded object as being in violation.
MWG would delete the file as soon as it finished scanning the file and found a violation.
Perfect. Thank you!