Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 4489 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus effects in Web Protection and Web Server Protection

Jed Clear

I have antivirus scanning (single) turned on in both Web Protection and Web Server Protection.  Our customer accreditors are going over the configuration now with their usual fine tooth comb and threw a question back at me.   Does the AV quarantine the file?   Well that seems to be an option for SMTP, but I can't find anything along those lines for Web or Web Server.   So I'm assuming the answer is no, it doesn't quarantine.  But I'm sure they will come back to me with "well, what does it do"?   So is there a general description of how the AV operates in Web and Web Server Protection?   Does it just drop the HTTP transaction and send back an HTTP error code?



This thread was automatically locked due to age.
  • 0

    Hi, Jed, and welcome to the UTM Community!

    Neither Web nor Webserver Protection quarantines anything.  Malicious files are simply blocked.  Unless you're using Sandstorm (and even then), many malware links will execute.  But, you spoke of a file, and I'm not sure what the specific question was.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    It does not send back an HTTP error code.  Instead it sends back a "block page" informing the user that a virus was blocked and the virus name.  The malicious file is not stored anywhere.  Depending on product/settings a sample may be transmitted back to Sophos for analysis.

    You can use the industry standard eicar test file at http://www.eicar.org/85-0-Download.html to test behavior.

    Sandstorm is a cloud analysis that is slightly different.  Files are quarantined while being analyzed and released to the user if found clean, or blocked/deleted if found malicious.

Unfiltered HTML