Content Analysis detects viruses in the antivirus pattern file updates

book

Article ID: 171720

calendar_today

Updated On:

Products

Content Analysis Software - CA Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Content Analysis shows that a virus was detected in an antivirus pattern file update. These files contain portions or descriptions of the viruses, but you prefer that Content Analysis not detect them as viruses.

Resolution

Generally, the virus segments in the pattern update files are encoded and are too small to be mistaken as a true virus by other AV vendors. But occasional false positives can occur. These can be prevented by exempting virus pattern update locations from scanning by the proxy, as the following example policy illustrates.

Place this policy after all other ICAP policies on the ProxySG appliance:

<cache>
  url.host=liveupdate.symantec.com response.icap_service(no)