SRX


Ask questions and share experiences about the SRX Series.

Is it possible to whitelist file extension in Juniper SRX UTM AntiVirus module for specific website

  • 1.  Is it possible to whitelist file extension in Juniper SRX UTM AntiVirus module for specific website

    Posted 11-04-2022 16:23

    I have an SRX300 running 21.2R3-S2.9, and syslog got this message:

        juniper.srx300 RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT: AntiVirus: SESSION_ID=47244670993 source-zone "TRUST" destination-zone "UNTRUST"
        12.18.22.19:55609->18.179.25.0:80 profile-name="av_profile"
        file="download.windowsupdate.com/c/msdownload/update/others/2022/11/37862409_6e2d04bbd46824c494928b406f7f2715fb99c220.cab"
        action="PASSED" reason="due to AV scan timeout" scan-code="9" username="N/A" roles="N/A".
    

    My main purpose is for files with extension .cab from .windowsupdate.com to not be scanned by the AV scanner. Please bear in mind other features of UTM are also enabled (web-filtering, content-filtering). The configuration of anti-virus is:

        anti-virus {
            type sophos-engine;
            scan-options {
                uri-check;
                timeout 3;
            }
            sophos-engine {
                sxl-timeout 1;
                sxl-retry 1;
                pattern-update {
                    email-notify {
                        admin-email "ihavenoclue@whattodo.com";
                        custom-message-subject "Juniper Email notify";
                    }
                    url https://update.juniper-updates.net/SAV/;
                    interval 1440;
                }
            }
        }
    

    Is it possible for the AV scanner to skip checking files for a specific website, but check for the others?



    ------------------------------
    KRISTIAN GANEV
    ------------------------------
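
Before exempting a site from scanning, it helps to see which host and extension pairs are actually passing unscanned and why. The following is an added example, not part of the original post and not Juniper tooling: it parses the RT_UTM message format shown in the post and tallies files passed without a scan by host, extension and reason. Only the first sample line reproduces the post's message; the others, including their addresses and file names, are constructed.

```python
import re
from collections import Counter

KV = re.compile(r'([\w-]+)[= ]"([^"]*)"')   # key="value" and zone "value" pairs
EVENT = re.compile(r'RT_UTM:\s*(AV_\w+):')  # message tag after the RT_UTM prefix
FLOW = re.compile(r'([\d.]+):\d+->([\d.]+):(\d+)')

def parse_av_event(line):
    """Return the fields of an RT_UTM AntiVirus message as a dict, else None."""
    ev = EVENT.search(line)
    if not ev:
        return None
    rec = dict(KV.findall(line))
    rec["event"] = ev.group(1)
    flow = FLOW.search(line)
    if flow:
        rec["src"], rec["dst"], rec["dport"] = flow.groups()
    # file= is host/path with no scheme, so split on the first slash.
    host, _, path = rec.get("file", "").partition("/")
    name = path.rsplit("/", 1)[-1]
    rec["host"] = host.lower()
    rec["ext"] = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return rec

def unscanned_summary(lines):
    """Count files passed without a scan, keyed by (host, ext, reason)."""
    counts = Counter()
    for line in lines:
        rec = parse_av_event(line) or {}
        if rec.get("action") == "PASSED" and rec["event"].startswith("AV_FILE_NOT_SCANNED"):
            counts[(rec["host"], rec["ext"], rec.get("reason", ""))] += 1
    return counts

# Sample input: the first entry reproduces the post's message, the rest are constructed.
_T = ('juniper.srx300 RT_UTM: AV_FILE_NOT_SCANNED_PASSED_MT: AntiVirus: SESSION_ID={sid} '
      'source-zone "TRUST" destination-zone "UNTRUST" {flow} profile-name="av_profile" '
      'file="{file}" action="PASSED" reason="due to AV scan timeout" scan-code="9" '
      'username="N/A" roles="N/A".')
SAMPLE = [
    _T.format(sid=47244670993, flow="12.18.22.19:55609->18.179.25.0:80",
              file="download.windowsupdate.com/c/msdownload/update/others/2022/11/"
                   "37862409_6e2d04bbd46824c494928b406f7f2715fb99c220.cab"),
    _T.format(sid=1, flow="192.0.2.10:50001->198.51.100.7:80",
              file="download.windowsupdate.com/constructed/sample.cab"),
    _T.format(sid=2, flow="192.0.2.11:50002->198.51.100.8:80",
              file="files.example.com/constructed/setup.exe"),
    "juniper.srx300 sshd: constructed non-UTM line",
]
if __name__ == "__main__":
    print(unscanned_summary(SAMPLE))
```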