Cisco Web Security Appliance S390 Operating Instructions

Chapter 24 Logging
Access Log File
24-36
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Anti-Malware Request Example
In the following example, the Webroot scanning engine scanned the URL request 
and assigned a malware scanning verdict based on the URL request. Webroot is 
the only scanning engine that scans a URL request. For more information about 
Webroot scanning, see 
1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET 
http://www.gator.com/ - NONE/- - 
BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE 
<IW_busi,3.4,"Adware","GAIN - Common 
Components",95,37607,10,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi
,-,"Adware","-","Unknown","Unknown","-","-",86.02,0,-,"-","-">
In this example, “3.4” is the Web Reputation score, which indicates that the 
website should be scanned for malware. Therefore, the Web Proxy passed the 
request to the DVS engine for anti-malware scanning.
The “Adware” value is the malware scanning verdict that Webroot passed to the 
DVS engine. The “BLOCK_AMW_RESP_URL” ACL decision tag shows that 
Webroot’s request-side checking of the URL produced this verdict. The remainder 
of the fields show the malware name (“GAIN - Common Components”), threat 
risk rating (“95”), threat ID (“37607”), and trace ID (“10”) values, which Webroot 
derived from its evaluation. All of the McAfee and Sophos-related values are 
empty (“-”) because neither the McAfee nor the Sophos scanning engine scanned 
the URL request.
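The fields walked through above can be extracted from an access log entry when triaging blocked requests. The following Python code is an added example, not part of the Cisco guide: the function name `parse_amw_entry`, the key names, and the positional mapping are assumptions inferred from the request example on this page, and the sample input is that entry joined onto one line.

```python
import csv

# The request-side entry from this page, joined onto one line (sample input).
SAMPLE = (
    '1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET '
    'http://www.gator.com/ - NONE/- - '
    'BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE '
    '<IW_busi,3.4,"Adware","GAIN - Common Components",95,37607,10,'
    '"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi,-,"Adware","-",'
    '"Unknown","Unknown","-","-",86.02,0,-,"-","-">'
)

# Assumed positions inside <...>, inferred from the explanation of the
# request example on this page (index 0 is not described there).
NAMED_FIELDS = {
    1: "wbrs_score",
    2: "verdict",
    3: "malware_name",
    4: "threat_risk_rating",
    5: "threat_id",
    6: "trace_id",
}


def parse_amw_entry(line):
    """Return the ACL decision tag and the named scanning fields of one entry."""
    head, sep, tail = line.strip().partition(" <")
    if not sep or ">" not in tail:
        raise ValueError("entry has no <...> scanning verdict block")
    # csv handles quoted values such as "GAIN - Common Components".
    fields = next(csv.reader([tail[: tail.rindex(">")]]))
    tokens = head.split()
    if len(fields) <= max(NAMED_FIELDS) or len(tokens) < 7:
        raise ValueError("entry is shorter than the examples on this page")
    acl_tag = tokens[-1]
    entry = {
        "url": tokens[6],      # seventh token in both examples on this page
        "result": tokens[3],   # e.g. TCP_DENIED/403
        "acl_tag": acl_tag,
        # BLOCK_AMW_RESP_URL marks a verdict from request-side URL checking.
        "request_side": acl_tag.startswith("BLOCK_AMW_RESP_URL"),
    }
    for index, name in NAMED_FIELDS.items():
        # "-" means the field is empty (no value was recorded).
        entry[name] = None if fields[index] == "-" else fields[index]
    return entry


if __name__ == "__main__":
    for key, value in parse_amw_entry(SAMPLE).items():
        print(f"{key}: {value}")
```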
Anti-Malware Response Example
In the following example, the McAfee scanning engine scanned the server 
response, assigned a malware scanning verdict based on the server response, and 
blocked it from the user. 
1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET 
http://badsite.com/malware.exe - DIRECT/badsite.com 
application/x-dosexec 
BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup 
<IW_infr,3.0,"Trojan Phisher","Trojan-Phisher-Gamec",0,354385,12559,
"-","-",-,-,-,"-","-","-","-","-",-,-,IW_infr,-,"Trojan 
Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -