AV Scanning

iPrism has been enhanced to provide virus detection and prevention via Anti-Virus (AV) scanning and reporting for HTTP traffic.

AV is enabled by default for new installations (newly shipped appliances).

When users try to access a virus file via HTTP, they will be notified that the page is blocked.

ADM263b - AV Block Page

This prevents the introduction of viruses, and identifies virus sources using the following reporting categories:

• Virus

• Worm

• Other Malware

The categories above have also been added to Lock ACL so they can be locked down by the iPrism administrator.  

One way to examine the source of virus files is to run the predefined Web Statistics by Category report, and use drill-down to access Anti-Virus details.

ADM263c - Drill-Down by AV Detail

ADM263d - The AV Detail

To verify that AV is enabled, go to the Global section's AV Scanning tab, and verify that Enable AV Scanning is checked.  

ADM263a - Enable AV Scanning

Note: As new Anti-Virus signatures become available on St. Bernard IUS servers (used for system and filter-list updates,) an AV-enabled iPrism will typically be utilizing the updates within 15 minutes.