/
How to Configure Anti-Malware?

How to Configure Anti-Malware?

Owned by Agat Support
Last updated: Sept 24, 2019

Enables scanning of files for Anti-Malware detection. Files which will be identified as infected will be deleted.

Anti-Malware Settings

1. Enable Anti-Malware - Set to 'Yes' in order to enable scanning for Anti-Malware detection.

    ** Need to restart the following back end components to apply modified settings: CASB Adapter service.

2. Internal domain list - List of local domain. Supports multiple  values and wildcards '*'.

3. Anti-Malware provider - Provider for Anti-Malware inspection. SphereShield uses CLAMAV open source.

    The other available option is McAfee.

4. Anti-Malware time out (in seconds) - Anti-Malware time out for waiting for response.

5. Service server - Server for ClamAV or McAfee server.

6. Service port - Port for ClamAV or McAfee server. Use 3310 for clamAV and 1344 for McAfee provider.

7. 

8. Admin notification type - Notifications sent to the administrator when a malware incident occurs.

   * Log - Log each incident to the log file , Windows Event log and database, or as defined in Log4Net configuration.

   * Log, Email and IM - Incident will be logged and recipient specified in the DLP settings will be notified by email.

     

  1. Admin notification recipient (email) - This field accepts a comma-separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  2. Admin notification recipient (IM) This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  3. Admin notification message (for IM & email) - The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
  4. Admin notification email subject - Email subject for admin notifications.

   * Log, Email - Incident will be logged, an email notification will be sent and the sender will be notified by IM.

   

  1. Admin notification recipient (email)This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
  2. Admin notification message (for IM & email)The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
  3. Admin notification email subjectEmail subject for admin notifications.

9 . User notification type - Notification sent to an end-user when a malware incident occurs.

   * None - No notification will be sent.

   * IM - Incident will be sent to an end user by IM.

     User notification message -  Message sent to the user in case a malware incident was identified, but only a monitoring action was taken.

   * Email - Incident will be sent to and end-user by Email.


Auditing

Displays content that was blocked by the Anti-Malware engine.










Related content

How to manually install AGAT SphereShield Service Agent (SIP Filter Agent)?
How to manually install AGAT SphereShield Service Agent (SIP Filter Agent)?
SphereShield for Skype for Business 2015/2019 Knowledge Base
More like this
SphereShield Service Agent- How it works
SphereShield Service Agent- How it works
SphereShield CASB Knowledge Base
More like this
SphereShield Agent Service
SphereShield Agent Service
SphereShield CASB Knowledge Base
More like this
How to Configure SphereShield Ethical Wall and DLP to Write Auditing Events into Windows Event Log
How to Configure SphereShield Ethical Wall and DLP to Write Auditing Events into Windows Event Log
SphereShield CASB Knowledge Base
More like this
External ICAP DLP Integration
External ICAP DLP Integration
SphereShield for Skype for Business 2015/2019 Knowledge Base
More like this
How to Configure SphereShield for SfB DLP?
How to Configure SphereShield for SfB DLP?
SphereShield for Skype for Business 2015/2019 Knowledge Base
More like this