Java-based application used for e-procurement government portal is blocked by WSS despite malware bypass rule

Article ID: 241069

Products

Web Security Service - WSS

Issue/Introduction

The WSS Agent is used to access the internet via WSS.

WSS is managed using UPE, not the Portal.

Users downloading a file from a specific government website are blocked by WSS malware checks with the "virus_detected_denied" action.

The file is a Java executable, used to verify digital certificates, that is assigned to users for uploads of tender responses.

The file is flagged as risky/malware by multiple vendors, as per https://www.virustotal.com/

A malware bypass is needed for this file, but despite adding one to the UPE configuration, users still cannot download the file via WSS.

Cause

Multiple layers of malware checks exist within UPE, and a layer that blocks the file is executed after the bypass exception in the previous layer.

Environment

WSS managed using UPE

WSS Agent on Windows/MacOS

Resolution

Merged all malware policies into one layer.

Additional Information

Valid CPL code was added to bypass scanning for the problem object:

 ;; Tab: [MU Gov Java Utility Allow CPL]
<Cache>
condition="Scanning Exemption" response.icap_service(no) 

define condition "Scanning Exemption"
url.domain=proc.publicprocurement.gov.org/workflow/NSEU.exe
end condition "Scanning Exemption"

However, another layer existed below it that sent the object back to be scanned:

 ;; Tab: [GLB Web Content AV Scanning]
<Cache> condition=!__is_notify_internal
policy.BC_TP_respmod_scan_fail_open ok ; Rule 2 ; WSS_AV_Scanning ; Gestures transformed ; response.icap_service.secure_connection(auto) -> ok

 

Consolidated the two into one layer and all worked fine.
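
The layer-ordering effect described above, as a small Python model added here (it is not Broadcom's code and not part of the original article). It assumes the CPL evaluation rule that the first matching rule in a layer fires and the last layer to set a property wins; the value "scan", the merged layer name and the function names are stand-ins.

```python
# Simplified model of CPL layer evaluation (an assumption for illustration):
#  - layers are evaluated top to bottom;
#  - inside a layer, the first rule whose condition matches fires;
#  - if several layers set the same property, the last one to set it wins.

EXEMPT_URL = "proc.publicprocurement.gov.org/workflow/NSEU.exe"  # from the article
PROP = "response.icap_service"

def is_exempt(request):
    """Stand-in for the "Scanning Exemption" condition."""
    return request["url"].split("://", 1)[-1].startswith(EXEMPT_URL)

def not_internal(request):
    """Stand-in for condition=!__is_notify_internal."""
    return not request.get("notify_internal", False)

# A rule is (condition, properties it sets). "scan" is a constructed value
# standing for "send the response to the AV scanning service".
EXEMPT_RULE = (is_exempt, {PROP: "no"})
SCAN_RULE = (not_internal, {PROP: "scan"})

# Original policy: exemption in one layer, AV scanning in a later layer.
SEPARATE = [("MU Gov Java Utility Allow CPL", [EXEMPT_RULE]),
            ("GLB Web Content AV Scanning", [SCAN_RULE])]
# Consolidated policy (hypothetical layer name): exemption rule listed first.
MERGED = [("Merged malware policy", [EXEMPT_RULE, SCAN_RULE])]

def scan_decision(layers, url):
    """Return (final value of response.icap_service, layer that set it)."""
    request = {"url": url}
    value, set_by = None, None
    for layer_name, rules in layers:
        for condition, props in rules:
            if condition(request):
                if PROP in props:
                    value, set_by = props[PROP], layer_name
                break  # first match ends evaluation of this layer
    return value, set_by

if __name__ == "__main__":
    url = "https://" + EXEMPT_URL
    print("separate layers:", scan_decision(SEPARATE, url))
    print("merged layer:   ", scan_decision(MERGED, url))
```

In the merged layer the exemption must stay above the scanning rule, since the first match decides the outcome for that layer.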