Cisco Web Security Appliance S190 User Guide
19-5
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 19 Anti-Malware Services
IronPort DVS™ (Dynamic Vectoring and Streaming) Engine
The scanning engines inspect transactions to determine a malware scanning
verdict to pass to the DVS engine. A malware scanning verdict is a value assigned
to a URL request or server response that determines the probability that it contains
malware. The DVS engine determines whether to monitor or block the request
based on the malware scanning verdicts. For more information about malware
scanning verdicts, see
.
For each Access or Outbound Malware Scanning Policy, you can enable either the
Sophos or McAfee scanning engine, but not both simultaneously. You can also
enable the Webroot scanning engine with either Sophos or McAfee. You might
want to enable the Sophos scanning engine instead of the McAfee scanning
engine if the client machines have McAfee anti-malware software installed.
In some cases, the DVS engine might determine multiple verdicts for a single
URL. For more information about how the DVS handles multiple verdicts, see
Maintaining the Database Tables
The Webroot, Sophos, and McAfee databases periodically receive updates from
the IronPort update server (https://update-manifests.ironport.com). Server
updates are automated, and the update interval is set by the server, not the
appliance. Updates to the database tables occur with a regular degree of
frequency, and require no administrator intervention.
For information about update intervals and the IronPort update server, see
Understanding How the DVS Engine Works
The DVS engine performs anti-malware scanning on URL transactions that are
forwarded from the Web Reputation Filters. Web Reputation Filters calculate the
probability that a particular URL contains malware, and assign a URL score that
is associated with an action to block, scan, or allow the transaction.
When the assigned web reputation score indicates to scan the transaction, the DVS
engine receives the URL request and server response content. The DVS engine, in
combination with the Webroot and/or Sophos or McAfee scanning engines,