07-09-2019 02:47 PM
Hello.
ESA does not detect an executable file in a GZ archive. What can I do about it?
Thank You!
07-09-2019 03:02 PM
I believe by default .gz is not part of the list, as per page 9-53:
https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_User_Guide.pdf
So you need to configure as below as per page 9-33.
Attachment Filenames and Single Compressed Files within Archive Files (page 9-33)
This example shows how to match single compressed files in archives such as those created by gzip:
quarantine_gzipped_exe_or_pif:
if (attachment-filename == '(?i)\\.(exe|pif)($|.gz$)') {
    quarantine("Policy");
}
07-10-2019 12:34 AM
What does this regexp do? Find files like Filename.exe.gz?
This does not help with filtering viruses in a gz archive.
07-10-2019 09:49 AM
It checks inside any Zip file and scans them.
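Added example (not part of the thread or of Cisco's guide): a Python sketch of what the regex from the filter above matches as a plain string, next to a content check that reads the file name stored in the gzip header and the first decompressed bytes. It assumes the filter's `\\.` stands for a literal dot; the helper names and sample attachments are constructed for illustration and do not model how the ESA itself evaluates attachment-filename.

```python
import gzip
import io
import re
import zlib

# Regex from the filter above; the filter's '\\.' is assumed to mean a literal dot.
NAME_RULE = re.compile(r"(?i)\.(exe|pif)($|.gz$)")

def name_matches(filename):
    """True if the file name alone satisfies the rule's regex."""
    return NAME_RULE.search(filename) is not None

def gzip_member_name(data):
    """Return the optional original-name (FNAME) field of a gzip header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags, pos = data[3], 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flags & 0x08:  # FNAME flag not set, no stored name
        return None
    end = data.find(b"\x00", pos)
    return data[pos:end].decode("latin-1") if end != -1 else None

def gzip_holds_pe(data, peek=2):
    """Decompress at most `peek` bytes and test for the 'MZ' DOS/PE magic."""
    try:
        head = zlib.decompressobj(wbits=31).decompress(data, peek)
    except zlib.error:  # not a gzip stream
        return False
    return head[:2] == b"MZ"

def inspect(attachment_name, data):
    """Compare name-based and content-based findings for one attachment."""
    inner = gzip_member_name(data)
    return {"outer_name_hit": name_matches(attachment_name),
            "inner_name_hit": bool(inner) and name_matches(inner),
            "pe_content": gzip_holds_pe(data)}

def make_gz(inner_name, payload):
    """Build a constructed gzip sample in memory (no files touched)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()

if __name__ == "__main__":
    stub = b"MZ" + bytes(62)  # constructed placeholder bytes, not a real program
    for name, inner, body in [("Filename.exe.gz", "Filename.exe", stub),
                              ("report.gz", "setup.exe", stub),
                              ("notes.gz", "notes.txt", b"hello")]:
        print(name, inspect(name, make_gz(inner, body)))
```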