Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 24      Logging
Access Log File
Anti-Malware Request Example
In the following example, the Webroot scanning engine scanned the URL request 
and assigned a malware scanning verdict based on the URL request. Webroot is 
the only scanning engine that scans a URL request. For more information about 
Webroot scanning, se
1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET http://www.gator.com/ - NONE/- - BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE <IW_busi,3.4,"Adware","GAIN - Common Components",95,37607,10,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi,-,"Adware","-","Unknown","Unknown","-","-",86.02,0,-,"-","-">
In this example, “3.4” is the Web Reputation score, which indicates that the 
website should be scanned for malware. Therefore, the Web Proxy passed the 
request to the DVS engine for anti-malware scanning.
The “Adware” value is the malware scanning verdict that Webroot passed to the 
DVS engine. The “BLOCK_AMW_RESP_URL” ACL decision tag shows that 
Webroot’s request-side checking of the URL produced this verdict. The remaining 
fields show the malware name (“GAIN - Common Components”), threat 
risk rating (“95”), threat ID (“37607”), and trace ID (“10”) values, which Webroot 
derived from its evaluation. All of the McAfee and Sophos-related values are 
empty (“-”) because neither the McAfee nor the Sophos scanning engine scanned 
the URL request.
Anti-Malware Response Example
In the following example, the McAfee scanning engine scanned the server 
response, assigned a malware scanning verdict based on the server response, and 
blocked it from the user. 
1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET http://badsite.com/malware.exe - DIRECT/badsite.com application/x-dosexec BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup <IW_infr,3.0,"Trojan Phisher","Trojan-Phisher-Gamec",0,354385,12559,"-","-",-,-,-,"-","-","-","-","-",-,-,IW_infr,-,"Trojan Phisher","-","Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -
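The following parser is an added example, not part of the Cisco guide or of AsyncOS. It splits the two access log entries above into the fields the text walks through (Web Reputation score, verdict, malware name, threat risk rating, threat ID, trace ID) and selects anti-malware blocks by ACL decision tag. The field names and the "BLOCK_AMW_" prefix test are assumptions of this example, generalized from the two entries shown on this page.

```python
import csv
import re

# The two entries shown on this page, rejoined onto one line each.
REQUEST_LINE = (
    '1278106367.381 170 172.xx.xx.xx TCP_DENIED/403 1828 GET '
    'http://www.gator.com/ - NONE/- - '
    'BLOCK_AMW_RESP_URL_11-AccessPolicy-Identity-OMSPolicy-NONE-NONE-NONE '
    '<IW_busi,3.4,"Adware","GAIN - Common Components",95,37607,10,'
    '"-","-",-,-,-,"-","-","-","-","-",-,-,IW_busi,-,"Adware","-",'
    '"Unknown","Unknown","-","-",86.02,0,-,"-","-">'
)
RESPONSE_LINE = (
    '1278097193.276 51 172.xx.xx.xx TCP_DENIED/403 3122 GET '
    'http://badsite.com/malware.exe - DIRECT/badsite.com '
    'application/x-dosexec '
    'BLOCK_AMW_RESP_11-AccessPol-Identity-NONE-NONE-NONE-DefaultGroup '
    '<IW_infr,3.0,"Trojan Phisher","Trojan-Phisher-Gamec",0,354385,12559,'
    '"-","-",-,-,-,"-","-","-","-","-",-,-,IW_infr,-,"Trojan Phisher","-",'
    '"Unknown","Unknown","-","-",489.73,0,[Local],"-","-"> -'
)

# Field names are this example's own labels (assumptions), in on-page order.
HEAD = ("timestamp", "elapsed", "client_ip", "result", "size", "method",
        "url", "user", "hierarchy", "mime_type", "acl_tag")
SCAN = ("category", "reputation", "verdict", "malware_name",
        "threat_risk", "threat_id", "trace_id")
ENTRY_RE = re.compile(r"^(?P<head>[^<]+)<(?P<scan>.*)>[^>]*$")

def parse_entry(line):
    """Split one access log entry into named fields; raise on a bad shape."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        raise ValueError("no <...> scanning block found")
    head = match.group("head").split()
    if len(head) != len(HEAD):
        raise ValueError(f"expected {len(HEAD)} leading fields, got {len(head)}")
    entry = dict(zip(HEAD, head))
    # csv handles quoted values, so a comma inside a malware name is safe.
    scan = next(csv.reader([match.group("scan")]))
    entry.update(zip(SCAN, scan))
    # "BLOCK_AMW_RESP_URL_11-AccessPolicy-..." -> "BLOCK_AMW_RESP_URL"
    entry["decision"] = re.sub(r"_\d+$", "", entry["acl_tag"].split("-", 1)[0])
    return entry

def malware_blocks(lines):
    """Return parsed entries whose ACL decision tag is an anti-malware block."""
    parsed = (parse_entry(line) for line in lines)
    return [e for e in parsed if e["decision"].startswith("BLOCK_AMW_")]
```

Quoted values are read with the csv module rather than a plain split on commas, so a malware name that itself contains a comma does not shift the later fields.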