Cisco Cisco Web Security Appliance S190 Mode D'Emploi
8-7
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 8 Configuring Security Services
Caching
Logging Adaptive Scanning
Transactions blocked and monitored by the adaptive scanning engine use the ACL decision tags:
•
BLOCK_AMW_RESP
•
MONITOR_AMW_RESP
Caching
The following guidelines explains how AsyncOS uses the cache while scanning for malware:
•
AsyncOS only caches objects if the entire object downloads. If malware is blocked during scanning,
the whole object is not downloaded and therefore is not cached.
the whole object is not downloaded and therefore is not cached.
•
AsyncOS scans content whether it is retrieved from the server or from the web cache.
•
The length of time that content is cached varies with many factors - there is no default.
•
AsyncOS rescans content when signatures are updated.
Custom Field
in Access Logs
in Access Logs
Custom Field in
W3C Logs
W3C Logs
Description
%X6
x-as-malware-thr
eat-name
eat-name
The anti-malware name returned by Adaptive Scanning. If the
transaction is not blocked, this field returns a hyphen (“-”). This
variable is included in the scanning verdict information (in the
angled brackets at the end of each access log entry).
transaction is not blocked, this field returns a hyphen (“-”). This
variable is included in the scanning verdict information (in the
angled brackets at the end of each access log entry).