I have a SRX300 running 21.2R3-S2.9 and syslog got message:juniper.srx300 RT_UTM:
AV_FILE_NOT_SCANNED_PASSED_MT: AntiVirus: SESSION_ID=47244670993 source-zone "TRUST" destination-zone "UNTRUST"
12.18.22.19:55609->18.179.25.0:80 profile-name="av_profile"
file="download.windowsupdate.com/c/msdownload/update/others/2022/11/37862409_6e2d04bbd46824c494928b406f7f2715fb99c220.cab"
action="PASSED" reason="due to AV scan timeout" scan-code="9" username="N/A" roles="N/A".
My main purpose is files with extension .cab from .windowsupdate.com to not be scanned by AV Scanner.Please bear in mind other features of UTM are also enabled(web-filtering, content-filtering) The configuration of anti-virus is:
anti-virus {
type sophos-engine;
scan-options {
uri-check;
timeout 3;
}
sophos-engine {
sxl-timeout 1;
sxl-retry 1;
pattern-update {
email-notify {
admin-email "ihavenoclue@whattodo.com";
custom-message-subject "Juniper Email notify";
}
url https://update.juniper-updates.net/SAV/;
interval 1440;
}
}
}
Is it possible AV Scanner to skip files from specific website?
