CSA signature based antivirus exceptions

Apr 8th, 2009

I enabled the signature based antivirus policy in CSA 6.0.214 and am wondering how I can create an exception so that a specific folder is not included in scheduled and on-access scanning. Thanks.

legassembly Thu, 04/09/2009 - 07:05

I wish that was the case. I'm in discussions with Cisco TAC about this too. The antivirus exemptions page appears to only allow very specific exemptions, such as "don't detect this file as being this virus".

tsteger1 Thu, 04/09/2009 - 09:03

I think you may need to exempt them from being classified as scannable files before they are scanned and tagged.

The rule module "Security - Clam AV - Classification Module (on OPEN) and (on Close)" may be the place to start.

If you can exempt the folder beforehand, it may never be scanned.

I don't have time to try this, but give it a look and see what you come up with.


legassembly Tue, 04/14/2009 - 12:03

As suggested, I created two file access control rules, one in the “Security - Clam AV - Classification Module (on CLOSE)” and the other in the “Security - Clam AV - Classification Module (on OPEN)” rule modules. Each rule is a Set action that sets “Virus scan on OPEN” or “Virus scan on CLOSE” as “NOT being required for this file”. The files specified are just the folders that we want to exclude from virus scanning.

This appears to be a good solution to this problem.

