Operational Defect Database
BugZero found this defect 1992 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3b3SAA
GAV fails to identify password-protected RAR-5 archive files
Last update date:
7/19/2023
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.0.x
12.1.x
12.1
12.1.1
12.1.3
12.10.x
12.2.x
12.3.x
12.4.x
Fixed releases:
All
Description:
Issue
If you configure Gateway AV to drop or block password-protected archive files, it will fail to identify password-protected RAR-5 files. Instead, password-protected files are incorrectly allowed through the Firebox.
Workaround/Solution
To block these files with the HTTP proxy, you can specifically block RAR-5 archive files by Body-Content Type. Use these options in the rule: Rule Name: RAR-5 ArchivesPattern match: %0x526172211A070100%* For full instructions, see HTTP Response: Body Content Types In all proxy action types you can configure a Content Type rule to deny RAR files: Rule Name: RAR filesExact Match: application/x-rarAction: Drop To find instructions for each proxy action type, see About Proxy Actions
