User Guide

OmniAccess SafeGuard OS Administration Guide
369
Chapter 10: Detecting and Isolating Malware Security Threats
malware white-list [host ip_address | dos-destination ip_address]
For example, the following command makes the user-host machine 10.0.10.7 exempt
from malware detection.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #malware white-list host 10.0.10.7
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
To verify the configuration, see Displaying the Contents of the Malware White-List on
page 379.
Clearing the Malware White-List
When a host IP address is placed in the white-list, the system also clears all outstanding
malware events for the host. However, events cannot be cleared for a DoS destination.
Removing IP Addresses from the White-List
To remove an IP address from the malware white-list and restore malware checking on a
device, use the no version of the malware white-list command.
The Global Configuration command has the following syntax:
no malware white-list [host ip_address | destination ip-address]
For example, the following command removes the user-host machine 10.0.10.7 from the
white-list. This IP address is now subject to malware detection.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #no malware white-list host 10.0.10.7
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
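Because a white-list entry exempts an address from malware detection, and adding a host also clears its outstanding events, it is worth reviewing which exemptions are in force. The Python script below is an added example, not part of the guide or the product: it replays a log of the commands shown above and reports the remaining entries, the hosts whose events were cleared, and any malformed addresses. It assumes the log holds commands in the form printed in this chapter; the names replay and unapproved, the sample log, and the approval list are constructed for illustration.

```python
import ipaddress
import re

# Command forms as printed in this chapter. The add form is printed with
# "dos-destination" and the no form with "destination"; both are accepted
# and treated as the same entry type (an assumption of this example).
CMD = re.compile(
    r"^(?:\(SafeGuardOS\)\s*\(config\)\s*#)?\s*(no\s+)?malware\s+white-list\s+"
    r"(host|dos-destination|destination)\s+(\S+)$"
)

def replay(lines):
    """Replay commands in order: (white-list, hosts with events cleared, rejected)."""
    entries, cleared, rejected = set(), set(), []
    for n, line in enumerate(lines, 1):
        m = CMD.match(line.strip())
        if not m:
            continue  # prompt line or unrelated command
        negate, kind, addr = m.groups()
        try:
            ip = str(ipaddress.IPv4Address(addr))
        except ValueError:
            rejected.append((n, addr))
            continue
        kind = "host" if kind == "host" else "dos-destination"
        if negate:
            entries.discard((kind, ip))
        else:
            entries.add((kind, ip))
            if kind == "host":
                cleared.add(ip)  # adding a host also clears its malware events
    return entries, cleared, rejected

def unapproved(entries, approved):
    """White-list entries with no approval on record."""
    return sorted(entries - set(approved))

# Constructed sample: a command log in the form used in this chapter.
SAMPLE = """\
(SafeGuardOS) (config) #malware white-list host 10.0.10.7
(SafeGuardOS) (config) #malware white-list host 10.0.10.9
(SafeGuardOS) (config) #malware white-list dos-destination 10.0.20.5
(SafeGuardOS) (config) #no malware white-list host 10.0.10.7
(SafeGuardOS) (config) #malware white-list host 10.0.10.300
""".splitlines()
APPROVED = [("dos-destination", "10.0.20.5")]  # constructed approval list
if __name__ == "__main__":
    entries, cleared, rejected = replay(SAMPLE)
    print("unapproved:", unapproved(entries, APPROVED), "rejected:", rejected)
    print("events cleared for:", sorted(cleared))
```

Note that 10.0.10.7 appears in the cleared set even though it was later removed from the white-list: removing the entry restores detection but does not bring back events that were cleared when it was added.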
Configuring Mirroring
All traffic can be mirrored from a host to a mirroring port when a malware event is
detected by the system. Malware mirroring uses the setup and configuration of
policy-based mirroring for implementation.
Syntax Description (malware white-list)
ip_address    IP address that overrides policy.
Syntax Description (no malware white-list)
ip_address    Clears the white-list entry for this IP address.