How to Configure Anti-Malware?

Owned by Agat Support
Last updated: Sept 24, 2019
3 min read

Enables scanning of files for Anti-Malware detection. Files which will be identified as infected will be deleted.

Anti-Malware Settings

1. Enable Anti-Malware - Set to 'Yes' in order to enable scanning for Anti-Malware detection.

    ** Need to restart the following back end components to apply modified settings: CASB Adapter service.

2. Internal domain list - List of local domain. Supports multiple  values and wildcards '*'.

3. Anti-Malware provider - Provider for Anti-Malware inspection. SphereShield uses CLAMAV open source.

    The other available option is McAfee.

4. Anti-Malware time out (in seconds) - Anti-Malware time out for waiting for response.

5. Service server - Server for ClamAV or McAfee server.

6. Service port - Port for ClamAV or McAfee server. Use 3310 for clamAV and 1344 for McAfee provider.

7. 

8. Admin notification type - Notifications sent to the administrator when a malware incident occurs.

   * Log - Log each incident to the log file , Windows Event log and database, or as defined in Log4Net configuration.

   * Log, Email and IM - Incident will be logged and recipient specified in the DLP settings will be notified by email.

     

  1. Admin notification recipient (email) - This field accepts a comma-separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  2. Admin notification recipient (IM) This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  3. Admin notification message (for IM & email) - The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
  4. Admin notification email subject - Email subject for admin notifications.

   * Log, Email - Incident will be logged, an email notification will be sent and the sender will be notified by IM.

   

  1. Admin notification recipient (email)This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  2. Admin notification message (for IM & email)The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
  3. Admin notification email subjectEmail subject for admin notifications.

9 . User notification type - Notification sent to an end-user when a malware incident occurs.

   * None - No notification will be sent.

   * IM - Incident will be sent to an end user by IM.

     User notification message -  Message sent to the user in case a malware incident was identified, but only a monitoring action was taken.

   * Email - Incident will be sent to and end-user by Email.


Auditing

Displays content that was blocked by the Anti-Malware engine.