Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 13 Outbound Malware Scanning
Figure 13-4 Anti-Malware Settings for Outbound Malware Scanning Policies
Step 8
In the Cisco IronPort DVS Anti-Malware Settings section, select which anti-malware scanning engines
to enable for this policy group.
When you enable Sophos or McAfee scanning, you can choose to monitor or block some additional
categories in the Malware Categories section on this page.
Step 9
In the Malware Categories section, select whether to monitor or block the various malware categories
based on a malware scanning verdict.
The categories listed in this section depend on which scanning engines you enable.
Note
URL transactions are categorized as unscannable when the configured maximum time setting is
reached or when the system experiences a transient error condition. For example, transactions
might be categorized as unscannable during scanning engine updates or AsyncOS upgrades. The
malware scanning verdicts SV_TIMEOUT and SV_ERROR are considered unscannable
transactions.
Step 10
Submit and commit your changes.
Logging
The access logs indicate whether or not the DVS engine scanned an upload request for malware. The
scanning verdict information section of each access log entry includes values for the DVS engine activity
for scanned uploads. You can also add one of the fields in Table 13-2 to the W3C or access logs to more
easily find this DVS engine activity:
When the DVS engine marks an upload request as being malware and it is configured to block malware
uploads, the ACL decision tag in the access logs is BLOCK_AMW_REQ.
Table 13-2 Log Fields in W3C Logs and Format Specifiers in Access Logs

W3C Log Field            Format Specifier in Access Logs
x-req-dvs-scanverdict    %X2
x-req-dvs-threat-name    %X4
x-req-dvs-verdictname    %X3
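
The following is an added example, not taken from the Cisco guide: a triage script that reads a W3C-style log containing the Table 13-2 fields and separates uploads blocked with BLOCK_AMW_REQ from uploads that were unscannable (SV_TIMEOUT or SV_ERROR). The column name x-acltag, the other non-DVS columns, the policy-name suffix on the decision tag, and all sample values are assumptions made for illustration.

```python
import shlex

# Field names from Table 13-2 of the guide.
DVS_FIELDS = ("x-req-dvs-scanverdict", "x-req-dvs-threat-name", "x-req-dvs-verdictname")
# Verdicts the guide treats as unscannable transactions.
UNSCANNABLE = {"SV_TIMEOUT", "SV_ERROR"}
# Assumed name of the column holding the ACL decision tag; adjust to your log subscription.
ACL_FIELD = "x-acltag"

# Constructed sample log. Only the x-req-dvs-* names, BLOCK_AMW_REQ, SV_TIMEOUT and
# SV_ERROR come from the guide; every other column and value is made up.
SAMPLE_LOG = """\
#Fields: timestamp c-ip cs-method cs-url x-acltag x-req-dvs-scanverdict x-req-dvs-threat-name x-req-dvs-verdictname
1700000001 10.0.0.5 POST http://files.example.test/up BLOCK_AMW_REQ-SamplePolicy "1" "Constructed.Sample.A" "Constructed Category"
1700000002 10.0.0.6 POST http://files.example.test/up DEFAULT_CASE-SamplePolicy "-" "-" "SV_TIMEOUT"
1700000003 10.0.0.7 POST http://files.example.test/up DEFAULT_CASE-SamplePolicy "-" "-" "-"
1700000004 10.0.0.8 POST http://files.example.test/up DEFAULT_CASE-SamplePolicy "-" "-" "SV_ERROR"
"""

def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.strip() and not line.startswith("#") and fields:
            # shlex keeps quoted values that contain spaces as a single token.
            yield dict(zip(fields, shlex.split(line)))

def triage(text):
    """Return (blocked, unscannable) lists of upload records."""
    blocked, unscannable = [], []
    for rec in parse_w3c(text):
        # The tag is matched as a prefix because a policy name may follow it (assumption).
        if rec.get(ACL_FIELD, "").startswith("BLOCK_AMW_REQ"):
            blocked.append(rec)
        elif UNSCANNABLE & {rec.get(f) for f in DVS_FIELDS}:
            # Unscannable uploads were not inspected, so they deserve a second look.
            unscannable.append(rec)
    return blocked, unscannable

if __name__ == "__main__":
    blocked, unscannable = triage(SAMPLE_LOG)
    for rec in blocked:
        print("blocked upload:", rec["c-ip"], rec["cs-url"], rec["x-req-dvs-threat-name"])
    for rec in unscannable:
        print("unscannable upload:", rec["c-ip"], rec["cs-url"], rec["x-req-dvs-verdictname"])
```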