rmoss25
Feb 20, 2021Altostratus
ASM and OPSWAT Metadefender Blank Page after file upload
Hi,
I am trying to integrate F5 ASM WAF with OPSWAT metadefender but when I try and upload and EICAR file browser just shows a blank white page. I am using a default security policy in blocking mode and have configured the settings according to the F5 BIG IP ASM (WAF) OPSAWT guide.
- I have configured the ICAP server under Security > Options > Application Security > Integrated Services > Anti-Virus Protection.
- I have configured the antivirus block settings under Security > Application Security > Policy Building > Learning and Blocking Settings > Advanced Configuration.
- I have antivirus scanning for HTTP file uploads and SOAP attachments Security > Application Security > Integrated Services > Anti-Virus Protection.
When I try to upload the test file I get a blank browser and if I check the source code in the browser I see the following:
window["bobcmn"] = "101110101010102000000022ffffffff2ffffffff20000000220156c0ea200000000200000000200000000300000044multipart%2fform%2ddata%3b%20boundary%3d%2d%2d%2d%2dWebKitFormBounda300000000300000000300000000300000000300000007httpsc3000000b008a59e5661ab20000adb568196d38950bf7928e988d64266cafbda4956605335d523cb0c44e211db089aede8158b2800a5d271c7e2a6f9d94d8c4ad7cd49022d5f72b236f5ca5943b07c111a9484727f3b29e542d2d2302b300000002TS300000165%2d%2d%2d%2d%2d%2dWebKitFormBoundaryxbm3Qt79jKjmxoOz
Content%2dDisposition%3a%20form%2ddata%3b%20name%3d%22filename%22%3b%20filename%3d%22eicar.com%22
Content%2dType%3a%20application%2foctet%2dstream
X5O!P%25@AP[4%5cPZX54(P%5e)7CC)7}%24EICAR%2dSTANDARD%2dANTIVIRUS%2dTEST%2dFILE!%24H%2bH%2a
%2d%2d%2d%2d%2d%2dWebKitFormBoundaryxbm3Qt79jKjmxoOz%2d%2d
200000000";
"</script>
</APM_DO_NOT_TOUCH>
<script type="text/javascript" src="/TSbd/08a59e5661ab2000a21cb91986bc897b6b354965ec350caba4c8ca55a7b089798844a4727e8dc553?type=5"></script><noscript>Please enable JavaScript to view the page content.<br/>Your support ID is: 8648386876400468880.</noscript>
</head><body>
</body></html>"
Is there something in the ASM policy that needs to be changed?