Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1075
Views
0
Helpful
3
Replies

ESA not detect executable file in GZ archive

Oleg Volkov
Spotlight
Spotlight

‎07-09-2019 02:47 PM

Hello.

ESA not detect executable file in GZ archive, what can I do it?

Thank You!

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎07-09-2019 03:02 PM

i believe by default .gz not part of the list. as per the 9-53 page :

 

https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_User_Guide.pdf

 

So you need to configure as below as per page 9-33.

 

Attachment Filenames and Single Compressed Files within Archive Files (page 9-33)

This example shows how to match single compressed files in archives such as those created by gzip:

quarantine_gzipped_exe_or_pif:
if (attachment-filename == '(?i)\\.(exe|pif)($|.gz$)') {
quarantine("Policy");
}

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Oleg Volkov
Spotlight
Spotlight
In response to balaji.bandi

‎07-10-2019 12:34 AM

What do it is regexp ? find files like Fileneme.exe.gz ?

This is not help with filtration viruses in gz archive.

 

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Oleg Volkov

‎07-10-2019 09:49 AM

it checks inside any Zip file and scan them.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents