Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 13      Outbound Malware Scanning
Logging
Figure 13-4: Anti-Malware Settings for Outbound Malware Scanning Policies
Step 8: In the Cisco IronPort DVS Anti-Malware Settings section, select which anti-malware scanning engines to enable for this policy group.
When you enable Sophos or McAfee scanning, you can choose to monitor or block some additional categories in the Malware Categories section on this page.

Step 9: In the Malware Categories section, select whether to monitor or block the various malware categories based on a malware scanning verdict.
The categories listed in this section depend on which scanning engines you enable.

Note: URL transactions are categorized as unscannable when the configured maximum time setting is reached or when the system experiences a transient error condition. For example, transactions might be categorized as unscannable during scanning engine updates or AsyncOS upgrades. The malware scanning verdicts SV_TIMEOUT and SV_ERROR are considered unscannable transactions.

Step 10: Submit and commit your changes.

Logging
The access logs indicate whether or not the DVS engine scanned an upload request for malware. The scanning verdict information section of each access log entry includes values for the DVS engine activity for scanned uploads. You can also add one of the fields in Table 13-2 to the W3C or access logs to more easily find this DVS engine activity.

When the DVS engine marks an upload request as being malware and it is configured to block malware uploads, the ACL decision tag in the access logs is BLOCK_AMW_REQ.

Table 13-2: Log Fields in W3C Logs and Format Specifiers in Access Logs

| W3C Log Field | Format Specifier in Access Logs |
|---|---|
| x-req-dvs-scanverdict | %X2 |
| x-req-dvs-threat-name | %X4 |
| x-req-dvs-verdictname | %X3 |
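
The following is an added example, not part of the Cisco guide: a small triage script that reads a W3C log containing the Table 13-2 fields and separates uploads blocked with BLOCK_AMW_REQ from uploads that were unscannable (SV_TIMEOUT, SV_ERROR) and not blocked. The sample log is constructed; the acl-tag column name, all other column names and values, and the assumption that x-req-dvs-verdictname carries the SV_* names are not taken from the guide.

```python
import shlex

# Taken from the guide: the three x-req-dvs-* field names, the BLOCK_AMW_REQ
# ACL decision tag, and the unscannable verdicts SV_TIMEOUT / SV_ERROR.
UNSCANNABLE = {"SV_TIMEOUT", "SV_ERROR"}
BLOCK_TAG = "BLOCK_AMW_REQ"

# Constructed sample log. Column names other than x-req-dvs-*, every value,
# and the use of x-req-dvs-verdictname to carry SV_* names are assumptions.
SAMPLE_LOG = '''\
#Fields: timestamp c-ip cs-url acl-tag x-req-dvs-scanverdict x-req-dvs-verdictname x-req-dvs-threat-name
1700000001 10.0.0.5 http://files.example/up BLOCK_AMW_REQ 1 Constructed-Malware "Constructed Threat A"
1700000002 10.0.0.6 http://files.example/up DEFAULT_CASE 0 - -
1700000003 10.0.0.7 http://share.example/put DEFAULT_CASE 2 SV_TIMEOUT -
1700000004 10.0.0.7 http://share.example/put DEFAULT_CASE 3 SV_ERROR -
1700000005 10.0.0.8 truncated-line
'''

def parse_w3c(text):
    """Return (records, malformed_count) using the #Fields: header for column names."""
    fields, records, malformed = [], [], 0
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = shlex.split(line)  # honours quoted values containing spaces
            if fields and len(values) == len(fields):
                records.append(dict(zip(fields, values)))
            else:
                malformed += 1  # wrong column count: count it, do not guess
    return records, malformed

def triage(records, acl_field="acl-tag"):
    """Split upload records into blocked malware and unscannable-but-not-blocked."""
    blocked, unscannable = [], []
    for rec in records:
        if rec.get(acl_field, "").startswith(BLOCK_TAG):
            blocked.append(rec)
        elif rec.get("x-req-dvs-verdictname") in UNSCANNABLE:
            unscannable.append(rec)
    return blocked, unscannable

if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    blocked, unscannable = triage(recs)
    for rec in blocked:
        print("blocked upload:", rec["c-ip"], rec["x-req-dvs-threat-name"])
    for rec in unscannable:
        print("unscannable upload:", rec["c-ip"], rec["x-req-dvs-verdictname"])
    print("malformed lines skipped:", bad)
```

Pass the ACL decision tag column name used by your own log subscription as acl_field.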