Cisco Cisco Web Security Appliance S160 Guía Del Usuario
328
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
C O N F I G U R I N G A N T I - M A L W A R E S C A N N I N G
The DVS engine and Webroot and McAfee are enabled by default during system setup.
Anytime after system setup, you can configure the anti-malware settings for the Web Security
appliance. You configure the following anti-malware settings:
Anytime after system setup, you can configure the anti-malware settings for the Web Security
appliance. You configure the following anti-malware settings:
• Global anti-malware settings. Set object scanning parameters, specify global settings for
URL matching, and control when to block the URL or allow processing to continue.
• Access Policy anti-malware settings. Enable monitoring or blocking for malware
categories based on malware scanning verdicts.
To configure anti-malware settings:
1. On the Security Services > Anti-Malware page, click Edit Global Settings.
The Edit Anti-Malware Settings page appears.
2. Configure the anti-malware settings as necessary. Table 15-3 describes the anti-malware
settings you can configure.
Table 15-3 Anti-Malware Settings
Setting
Description
Object Scanning Limits
Specify a maximum request/response size and timeout value for
single objects.
The Maximum Object Size value you specify applies to the entire
size of requests and responses that might be scanned by security
components on the Web Security appliance, such as the IronPort
Data Security Filters or the Webroot scanning engine. When an
upload or download size exceeds this size, the security
component may abort the scan in progress and may not provide a
scanning verdict to the Web Proxy.
single objects.
The Maximum Object Size value you specify applies to the entire
size of requests and responses that might be scanned by security
components on the Web Security appliance, such as the IronPort
Data Security Filters or the Webroot scanning engine. When an
upload or download size exceeds this size, the security
component may abort the scan in progress and may not provide a
scanning verdict to the Web Proxy.
Domain Levels for Malware
Request Detection
Request Detection
This value specifies the number of domain name elements to
match when processing a URL. If the URL matches a hostname in
the Webroot signature database, URL checking continues to
match the number of domain name elements specified in this
parameter.
Valid range for this parameter is 3-100 where a minimum value of
8 is recommended to avoid a level of matching that results in
inaccurately blocked web sites.
Applies to the Webroot scanning engine only.
match when processing a URL. If the URL matches a hostname in
the Webroot signature database, URL checking continues to
match the number of domain name elements specified in this
parameter.
Valid range for this parameter is 3-100 where a minimum value of
8 is recommended to avoid a level of matching that results in
inaccurately blocked web sites.
Applies to the Webroot scanning engine only.