search cancel

Java based Application used for E-procurement Government Portal is being blocked by WSS despite malware bypass rule


Article ID: 241069


Updated On:


Web Security Service - WSS


WSS agent used to access internet via WSS

WSS managed using UPE and not Portal

Users accessing a file on a specific government website are blocked from downloading it by WSS malware checks due to "virus_detected_denied" action

File is a java executable used to verify digital certificates that is assigned to users for uploads of tender responses.

File is flagged by multiple sites as risky/malware by multiple vendors as per 

Need to add a malware bypass for this file but despite adding it into the UPE configuration, the users still cannot download file via WSS


Multiple layers of malware checks exist within UPE and a layer blocking file is executed after the bypass exception from previous layer


WSS managed using UPE

WSS Agent on Windows/MacOS


Merged all malware policies into one layer.

Additional Information

 added valid CPL code to bypass scanning for our problem object

 ;; Tab: [MU Gov Java Utility Allow CPL]
condition="Scanning Exemption" response.icap_service(no) 

define condition "Scanning Exemption"
end condition "Scanning Exemption"

but another layer existed below that sending it back to be scanned

 ;; Tab: [GLB Web Content AV Scanning]
<Cache> condition=!__is_notify_internal
policy.BC_TP_respmod_scan_fail_open ok ; Rule 2 ; WSS_AV_Scanning ; Gestures transformed ; response.icap_service.secure_connection(auto) -> ok


Consolidated the two into one layer and all worked fine.