Password protected archives can’t be blocked using Proxy AV

Article ID: 166752

Products

ProxyAV Software - AVOS

ProxySG Software - SGOS

Issue/Introduction

Traffic going through the Proxy SG is sent to the Proxy AV for virus scanning, and the Proxy AV policy for password-protected archives is set to block them, yet password-protected archives are still downloaded successfully.

Environment

Proxy SG sending traffic over ICAP to Proxy AV.

Resolution

This happens when the action on the Web Content Layer is configured to scan the traffic and, in the error handling part, you choose to continue without further ICAP response processing if the ICAP service is not available (fail-open). In this case, when the Proxy AV engine detects a password-protected archive, it responds to the Proxy SG with an ICAP error. Since the Proxy SG error handling is configured to allow the connection, the file is served.

To have password-protected files blocked, make sure the error handling part is set to deny the client request (the default recommended option, fail-closed).
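
The same two error-handling choices, shown as the CPL that a Web Content Layer scan action corresponds to. This is an added example, not taken from the article; the service name `proxyav1` is a hypothetical ICAP response service, and the mapping of the VPM setting to the `response.icap_service` property is assumed.

```cpl
; Constructed example. "proxyav1" is a hypothetical ICAP response service name.

; Weak setting: fail-open.
; If the Proxy AV answers with an ICAP error (as it does when its policy
; blocks a password-protected archive), the Proxy SG continues without
; ICAP response processing and serves the unscanned file to the client.
; Shown commented out so that it is not installed by accident.
;
; <Cache>
;     response.icap_service(proxyav1, fail_open)

; Corrected setting: fail-closed.
; Any ICAP error, including the one returned for a password-protected
; archive, causes the client request to be denied.
<Cache>
    response.icap_service(proxyav1, fail_closed)
```

When reviewing an installed policy, look for `fail_open` on every `response.icap_service` rule, since a single fail-open rule that matches the traffic is enough to let these archives through.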