Cisco Web Security Appliance S170 User Guide
326
IRONPORT ASYNCOS 6.3 FOR WEB USER GUIDE
MCAFEE SCANNING
The McAfee scanning engine inspects objects downloaded from a web server in HTTP
responses. After inspecting the object, it passes a malware scanning verdict to the DVS engine
so the DVS engine can determine whether to monitor or block the request.
The McAfee scanning engine uses the following methods to determine the malware scanning
verdict:
• Matching virus signature patterns
• Heuristic analysis
For more information about how the DVS engine uses malware scanning verdicts to handle
web traffic, see “IronPort DVS™ (Dynamic Vectoring and Streaming) Engine” on page 322.
Matching Virus Signature Patterns
McAfee uses virus definitions in its database with the scanning engine to detect particular
viruses, types of viruses, or other potentially unwanted software. It searches for virus
signatures in files.
When you enable McAfee, the McAfee scanning engine always uses this method to scan
server response content.
Heuristic Analysis
New threats on the web appear almost daily. Using only virus signatures, the engine cannot
detect a new virus or other malware because its signature is not yet known. However, by
using heuristic analysis, the McAfee scanning engine can detect new classes of currently
unknown viruses and malware in advance.
Heuristic analysis is a technique that uses general rules, rather than specific rules, to detect
new viruses and malware. When the McAfee scanning engine uses heuristic analysis, it looks
at the code of an object, applies generic rules, and determines how likely the object is to be
virus-like.
Using heuristic analysis increases the likelihood of catching viruses and malware before
McAfee updates its virus signature database. However, it also increases the possibility of
reporting false positives (clean content designated as a virus). It also might impact appliance
performance.
When you enable McAfee, you can choose whether or not to also enable heuristic analysis
when scanning objects.
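The trade-off between the two methods can be seen in a small model. The following is an added illustration, not McAfee's or the appliance's own logic: the signature, the heuristic rules, their weights, the threshold, and the verdict labels are all assumptions, and every sample object is constructed.

```python
import math
from collections import Counter

# Constructed signature database (name -> byte pattern); not a real definition.
SIGNATURES = {"Constructed-Test-Sig": b"CONSTRUCTED-TEST-SIGNATURE-0001"}

# Generic rules (assumed for illustration): API names often seen in injection code.
SUSPICIOUS_APIS = (b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread")

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest packed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(obj):
    """Apply generic rules and return how virus-like the object looks (assumed weights)."""
    score = 0
    if obj[:2] == b"MZ":                      # Windows executable header
        score += 30
    if entropy(obj) > 7.2:                    # packed or encrypted body
        score += 40
    score += 15 * sum(api in obj for api in SUSPICIOUS_APIS)
    return score

def scan(obj, heuristics=False, threshold=60):
    """Signature matching always runs; heuristic analysis only when enabled."""
    for name, pattern in SIGNATURES.items():
        if pattern in obj:
            return ("malware", name)
    if heuristics:
        score = heuristic_score(obj)
        if score >= threshold:
            return ("suspect", score)
    return ("clean", None)

# Constructed sample objects.
KNOWN = b"header " + SIGNATURES["Constructed-Test-Sig"]
NOVEL = b"MZ VirtualAlloc WriteProcessMemory CreateRemoteThread"  # no signature yet
PACKED_CLEAN = b"MZ" + bytes(range(256)) * 4  # stands in for a benign packed installer
HTML = b"<html><body>hello</body></html>"

if __name__ == "__main__":
    for label, obj in [("known", KNOWN), ("novel", NOVEL),
                       ("packed-clean", PACKED_CLEAN), ("html", HTML)]:
        print(label, scan(obj), scan(obj, heuristics=True))
```

With heuristics off, the novel object passes as clean. With heuristics on, it is flagged, but so is the benign packed object, which is the false-positive cost described above.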