ICAP Best Practices are ignored if Malware Scanning is enabled.

book

Article ID: 166557

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 If Malware Scanning is enabled (Configuration > Threat Protection > Malware Scanning) on your ProxySG, your existing ICAP Best Practices and other policies to not Perform Response Analysis are ignored.

NOTE: As of 6.5.9.x and later, this CPL code to stop malware scanning to evaluate other policy is no longer required. Please verify on a case by case basis to make sure.

Resolution

As explained in TECH241951, since SGOS 6.x introduced malware scanning, when you enable malware scanning on the ProxySG, it automatically adds policy to perform malware scanning for every response. Therefore this change will also cause Malware scanning overrides ICAP Best Practices.

By modifying Bypass_BC_Malware_scanning_solution CPL code in TECH241951, you can override Malware scanning policy rules and have the ICAP Best Practices CPL code effective.

 

Add the following CPL code in your local policy along with ICAP Best Practices CPL.

 

<Cache Bypass_BC_malware_scanning_solution> 

policy.Bypass_BC_malware_scanning_solution ; Creates a new layer after the Malware Scanning layers. 

 

define cache policy Bypass_BC_malware_scanning_solution 

<Cache Bypass_BC_malware_scanning_solution > 

        condition=NOICAP condition=ShouldScanHighPerformance response.icap_service(no) ; Bypasses Icap for URLs defined in NOICAP condition. NOICAP condition is part of ICAP Best Practices

end