Hello,
maybe I misunderstand the predefined regular expressions which exclude Microsoft URLs from the antivirus filter, but it seems to me as if the could be compromised by using the right domain name. The ASG has a predefined exception "Microsoft Windows Update [Allows Windows Update without content scanning side effects.]" which skips "Authentication / Antivirus / Extension blocking / URL Filter / Content Removal" from URLs matching this regular expressions:
^https?://[A-Za-z0-9.-]*windowsupdate.com/
^https?://[A-Za-z0-9.-]*microsoft.com/
According to this expression I can simply create a website e.g. http://www.a-virus-from-microsoft.com and upload any malware on this site. The ASG will never scan the content because the domain ends with microsoft.com.
The problem could be solved by changing these URLs to:
^https?://windowsupdate.com/
^https?://microsoft.com/
^https?://[A-Za-z0-9.-]*\.windowsupdate.com/
^https?://[A-Za-z0-9.-]*\.microsoft.com/
The same problem exists with the adobe.com and apple.com exception.
It would be great if Astaro would change this with the next version.
This thread was automatically locked due to age.
