Cisco Cisco Web Security Appliance S670 Betriebsanweisung
13-6
Cisco AsyncOS for Web User Guide
Chapter 13 Configuring Security Services
Overview of Anti-Malware Scanning
Webroot Scanning
The Webroot scanning engine inspects objects to determine the malware scanning verdict to send to the
DVS engine. The Webroot scanning engine inspects the following objects:
DVS engine. The Webroot scanning engine inspects the following objects:
•
URL request. Webroot evaluates a URL request to determine if the URL is a malware suspect. If
Webroot suspects the response from this URL might contain malware, the appliance monitors or
blocks the request, depending on how the appliance is configured. If Webroot evaluation clears the
request, the appliance retrieves the URL and scans the server response.
Webroot suspects the response from this URL might contain malware, the appliance monitors or
blocks the request, depending on how the appliance is configured. If Webroot evaluation clears the
request, the appliance retrieves the URL and scans the server response.
•
Server response. When the appliance retrieves a URL, Webroot scans the server response content
and compares it to the Webroot signature database.
and compares it to the Webroot signature database.
McAfee Scanning
The McAfee scanning engine inspects objects downloaded from a web server in HTTP responses. After
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can
determine whether to monitor or block the request.
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can
determine whether to monitor or block the request.
The McAfee scanning engine uses the following methods to determine the malware scanning verdict:
•
Matching virus signature patterns
•
Heuristic analysis
Matching Virus Signature Patterns
McAfee uses virus definitions in its database with the scanning engine to detect particular viruses, types
of viruses, or other potentially unwanted software. It searches for virus signatures in files. When you
enable McAfee, the McAfee scanning engine uses this method to scan server response content.
of viruses, or other potentially unwanted software. It searches for virus signatures in files. When you
enable McAfee, the McAfee scanning engine uses this method to scan server response content.
Heuristic Analysis
Heuristic analysis is a technique that uses general rules, rather than specific rules, to detect new viruses
and malware. When the McAfee scanning engine uses heuristic analysis, it looks at the code of an object,
applies generic rules, and determines how likely the object is to be virus-like.
and malware. When the McAfee scanning engine uses heuristic analysis, it looks at the code of an object,
applies generic rules, and determines how likely the object is to be virus-like.
Using heuristic analysis increases the possibility of reporting false positives (clean content designated
as a virus) and might impact appliance performance.When you enable McAfee, you can choose whether
or not to also enable heuristic analysis when scanning objects.
as a virus) and might impact appliance performance.When you enable McAfee, you can choose whether
or not to also enable heuristic analysis when scanning objects.