Antivirus effects in Web Protection and Web Server Protection

I have antivirus scanning (single) turned on in both Web Protection and Web Server Protection. Our customer accreditors are going over the configuration now with their usual fine-tooth comb and threw a question back at me. Does the AV quarantine the file? Well, that seems to be an option for SMTP, but I can't find anything along those lines for Web or Web Server. So I'm assuming the answer is no, it doesn't quarantine. But I'm sure they will come back to me with "well, what does it do?" So is there a general description of how the AV operates in Web and Web Server Protection? Does it just drop the HTTP transaction and send back an HTTP error code?



This thread was automatically locked due to age.
  • It does not send back an HTTP error code.  Instead it sends back a "block page" informing the user that a virus was blocked and the virus name.  The malicious file is not stored anywhere.  Depending on product/settings a sample may be transmitted back to Sophos for analysis.

    You can use the industry-standard EICAR test file at http://www.eicar.org/85-0-Download.html to test behavior.

    Sandstorm is a cloud analysis that is slightly different.  Files are quarantined while being analyzed and released to the user if found clean, or blocked/deleted if found malicious.
