How do I make sure that files that can't be scanned with Content Analysis are not served to users?

book

Article ID: 168538

calendar_today

Updated On:

Products

Content Analysis Software - CA

Issue/Introduction

You have configured the AV scanning behavior in Content Analysis to block files based using the AV Scanning Behavior configuration in the Content Analysis Management Console, but when a scan matches a file to be blocked, (e.g. password protected archive, decode error, etc) the file is served to the client.

On the ProxySG appliance, you are using Malware Scanning (Configuration > Threat Protection > Malware Scanning) to send traffic to Content Analysis for scanning. 

Cause

The setting, Action on Unsuccessful Scan will determine how the ProxySG appliance behaves in the event that an AV Scanning behavior policy exception is triggered.

If this is set to Continue Without Malware Scanning, the ProxySG appliance will ignore the Content Analysis result and serve the file to the client.

 

Resolution

Set Action on unsuccessful Scan to Deny the client request (recommended) to ensure that users are not served files that cannot be scanned.