The exception av-signature-id command configures a virus as an exception.
The undo exception av-signature-id command cancels a virus exception.
exception av-signature-id av-signature-id [ action { allow | block-source-ip [ timeout timeout ] } ]
undo exception av-signature-id { av-signature-id | all }
| Parameter | Description | Value |
|---|---|---|
av-signature-id |
Specifies the virus ID. |
The value is an integer ranging from 1 to 4294967295. |
action |
Specifies the action. |
- |
allow |
Indicates that the device permits a packet when a packet matches a virus exception. |
The default action for the virus exception is allow. |
block-source-ip |
Indicates that the device blacklists the source IP address and denies the packets destined from or for the specified IP address. |
- |
timeout timeout |
Specifies the lifetime of a blacklist entry. The blacklist entry ceases to take effect after the lifetime ends. |
The value is an integer ranging from 1 to 30, in minutes. The default value is 5. |
all |
Cancels all virus exceptions. |
- |
By default, the system permits the file that contains a virus configured as an exception. Then the device permits files infected by the virus once detected.
# Create profile av_exception, isolate the source address IP address (timeout period: 10 minutes), and configure a virus exception for the virus with ID 16424404 in the profile.
<sysname> system-view [sysname] profile type av name av_exception [sysname-profile-av-av_exception] exception av-signature-id 16424404 action block-source-ip timeout 10