How do I make sure that files that can't be scanned with Content Analysis are not served to users?
book
Article ID: 168538
calendar_today
Updated On:
Products
Content Analysis Software - CA
Issue/Introduction
You have configured the AV scanning behavior in Content Analysis to block files based using the AV Scanning Behavior configuration in the Content Analysis Management Console, but when a scan matches a file to be blocked, (e.g. password protected archive, decode error, etc) the file is served to the client.
On the ProxySG appliance, you are using Malware Scanning (Configuration > Threat Protection > Malware Scanning) to send traffic to Content Analysis for scanning.
Cause
The setting, Action on Unsuccessful Scan will determine how the ProxySG appliance behaves in the event that an AV Scanning behavior policy exception is triggered.
If this is set to Continue Without Malware Scanning, the ProxySG appliance will ignore the Content Analysis result and serve the file to the client.
Resolution
Set Action on unsuccessful Scan to Deny the client request (recommended) to ensure that users are not served files that cannot be scanned.