For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rmoss25's avatar
rmoss25
Icon for Altostratus rankAltostratus
Feb 20, 2021

ASM and OPSWAT Metadefender Blank Page after file upload

Hi, I am trying to integrate F5 ASM WAF with OPSWAT metadefender but when I try and upload and EICAR file browser just shows a blank white page. I am using a default security policy in blocking mod...
ASM Advanced WAF
Azure
icap
metadefender
OPSAWT
security
websec's avatar
websec
Icon for Nimbostratus rankNimbostratus
Feb 24, 2021

We have a basic web page that allows to attach a file upload, eicar.txt is used in our case. This is posted as a multi-part.

Behaviour is consistent with different browsers: both Chrome and Edge show the same result. Both have javascript enabled in the settings.

There are no additional protections active on the VS: DoS protection and Bot defense are disabled.

The only violation that is showed is the 'Virus found'

Ivan_Chernenkii's avatar
Ivan_Chernenkii
Icon for Employee rankEmployee
Feb 24, 2021

Ok, got it. Several more questions to localize the problem:

  1. What version of BIG-IP do you use?
  2. What details are show for "Virus found" violation?
  3. Do you send it as regular post request or as AJAX request?
  4. Do you configure any Device ID functionality like Brute force, Session Awareness, Web Scrapping?

Thanks, Ivan