The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article describes how 'bypass content scanning for streaming content' works on Sophos UTM, i.e. if you check the option box 'bypass content scanning for streaming content' of the HTTP/S proxy
The check-box Web Protection | Filtering Options | Misc in the 'Streaming settings' area 'Bypass content scanning for streaming content' is enabled by default.
This architectural design ensures that all data is scanned by the virus engines and the client does not receive one byte of data until the proxy is sure that there is no unwanted content. However, for "streaming content" like web radio, online TV, YouTube videos, ... this can be a problem, because such streaming content typically needs a very long time from start to finish, or even does not end at all. In these cases, the proxy would need much time or even "forever" to download the data. The user would not be able to see/listen to the video/audio stream.
If the check-box 'bypass content scanning for streaming content' is checked, the HTTP/S proxy will skip the content scanning of the downloaded data if the web server tells the proxy that the data one of the following MIME types:
0 audio/* 1 video/* 2 application/x-flash 3 application/flash 4 application/x-shockwave 5 application/shockwave 6 application/pn-real 7 application/x-pn-real 8 application/real 9 application/x-real 10 application/vnd.ms.wms-hdr.asfv1 11 application/mpeg 12 application/audio 13 application/video 14 application/sound 15 application/x-audio 16 application/x-video 17 application/x-mpeg 18 application/x-sound 19 application/quicktime 20 application/x-quicktime 21 application/mms 22 application/x-mms 23 application/x-mms-framed 24 application/x-rtsp-tunnelled 25 application/x-shockwave-flash 26 flv-application/octet-stream 27 application/x-silverlight-app
This means the proxy will transfer each chunk of downloaded data from the web server immediately to the client (the browser), instead of collecting all chunks of data until the "end" of the stream is reached. This ensures that the streaming content is delivered without interruption to the client. Of course, the data is not scanned by the virus scanners in these cases.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.