Gateway anti-virus blocking EXE or ZIP files download
12/20/2019 218 33523
SonicWall Gateway Anti-virus blocking normal downloads like Adobe Flash Player and password protected zip files.
The options "Restrict Transfer of packed executable files (UPX, FSG, etc.)" and "Password-Protected ZIP files" are enabled in Security Services | Gateway Antivirus | HTTP | Settings.
Packers like UPX, FSG, ASPack, etc are actively used in legitimate applications as well as by malware authors. If the customer chooses to enable the "Restrict Transfer of packed executable files (UPX, FSG, etc.)" options/signatures, the SonicWall will block the transfer of any executable file using that packer (E.g. Adobe flash player installer is packed using UPX 3.x and is correctly getting blocked by the enabled GAV signature).
Same applies to password-protected zip files, there is no way for any AV engine to decrypt and scan password protected zip file contents without knowing the password and hence there is a provision in SonicWall's GAV engine to identify and block the transfer of such files.
To fix this issue, you will have to disable the option "Restrict Transfer of packed executable files (UPX, FSG, etc.)" under the HTTP settings of Gateway Anti-Virus.
If you disable the option above and your download is still blocked because of a GAV signature, there are 2 options.
- Use the Exclusion Settings
For the same click MANAGE and then Navigate to Security Services | Gateway Anti-Virus, click on HTTP protocol Settings .
- Submit a request to our GAV team to review the signature if you believe it is a false positive How to report false positives or Virus/Trojan/Malware samples to the Gateway AntiVirus team.