ESA does not detect executable file in GZ archive
07-09-2019 02:47 PM
Hello.
ESA does not detect an executable file in a GZ archive. What can I do about it?
Thank You!
Helping seriously ill children, all together. All information about this, is posted on my blog
Labels: Email Security
07-09-2019 03:02 PM
I believe that by default .gz is not part of the list, as per page 9-53:
https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_User_Guide.pdf
So you need to configure as below as per page 9-33.
Attachment Filenames and Single Compressed Files within Archive Files (page 9-33)
This example shows how to match single compressed files in archives such as those created by gzip:
quarantine_gzipped_exe_or_pif:
if (attachment-filename == '(?i)\\.(exe|pif)($|.gz$)') {
    quarantine("Policy");
}
07-10-2019 12:34 AM
What does this regexp do? Find files like Filename.exe.gz?
This does not help with filtering viruses in a gz archive.
Helping seriously ill children, all together. All information about this, is posted on my blog
07-10-2019 09:49 AM
It checks inside any Zip file and scans them.
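
Added example, not part of any post above and not Cisco code: a Python sketch of the distinction raised in the thread. The quoted regex decides on the attachment filename alone, while the name stored in the gzip header and the first bytes of the decompressed data have to be read from the archive itself. The sample archive is constructed in memory, Python's `re` is assumed to treat this pattern the way the filter does, and all helper names are illustrative.

```python
import gzip
import io
import re
import zlib

# Regex body from the filter quoted in the thread; the doubled backslash in the
# filter string corresponds to a single backslash in a Python raw string.
NAME_RULE = re.compile(r"(?i)\.(exe|pif)($|.gz$)")


def name_matches(filename: str) -> bool:
    """True when the attachment filename alone satisfies the quoted regex."""
    return NAME_RULE.search(filename) is not None


def gzip_inner_name(blob: bytes):
    """Return the original filename from the gzip header (RFC 1952 FNAME), or None."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b":
        return None
    flags, pos = blob[3], 10  # fixed header is 10 bytes, flags at offset 3
    if flags & 0x04:  # FEXTRA: two-byte little-endian length, then that many bytes
        pos += 2 + int.from_bytes(blob[pos:pos + 2], "little")
    if not (flags & 0x08):  # FNAME bit not set: no stored name
        return None
    end = blob.find(b"\x00", pos)
    return blob[pos:end].decode("latin-1") if end != -1 else None


def gzip_holds_pe(blob: bytes) -> bool:
    """True when the decompressed payload starts with the 'MZ' DOS/PE magic."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as member:
            return member.read(2) == b"MZ"
    except (OSError, EOFError, zlib.error):  # not gzip, truncated, or corrupt
        return False


def make_sample(inner_name: str, payload: bytes) -> bytes:
    """Build a constructed gzip blob in memory for the demonstration."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


# Constructed sample: a harmless stub that only carries the MZ magic bytes.
SAMPLE = make_sample("tool.exe", b"MZ" + b"\x00" * 62)
```

An attachment named `invoice.gz` carrying `SAMPLE` does not match the filename rule, yet both content checks flag it, which is the gap the second poster describes.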
