How to Configure Anti-Malware?
Enables scanning of files for Anti-Malware detection. Files which will be identified as infected will be deleted.
Anti-Malware Settings
1. Enable Anti-Malware - Set to 'Yes' in order to enable scanning for Anti-Malware detection.
** Need to restart the following back end components to apply modified settings: CASB Adapter service.
2. Internal domain list - List of local domain. Supports multiple values and wildcards '*'.
3. Anti-Malware provider - Provider for Anti-Malware inspection. SphereShield uses CLAMAV open source.
The other available option is McAfee.
4. Anti-Malware time out (in seconds) - Anti-Malware time out for waiting for response.
5. Service server - Server for ClamAV or McAfee server.
6. Service port - Port for ClamAV or McAfee server. Use 3310 for clamAV and 1344 for McAfee provider.
7.
8. Admin notification type - Notifications sent to the administrator when a malware incident occurs.
* Log - Log each incident to the log file , Windows Event log and database, or as defined in Log4Net configuration.
* Log, Email and IM - Incident will be logged and recipient specified in the DLP settings will be notified by email.
- Admin notification recipient (email) - This field accepts a comma-separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
- Admin notification recipient (IM) - This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
- Admin notification message (for IM & email) - The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
- Admin notification email subject - Email subject for admin notifications.
* Log, Email - Incident will be logged, an email notification will be sent and the sender will be notified by IM.
- Admin notification recipient (email) - This field accepts a comma separated list of addresses for more than one recipient, Example: user@domain.com, user2@domain.com.
- Admin notification message (for IM & email) - The following placeholders are available: {NEW_LINE},{USER},{RECIPIENT},{LOGGED_AT},{FILE_NAME}.
- Admin notification email subject - Email subject for admin notifications.
9 . User notification type - Notification sent to an end-user when a malware incident occurs.
* None - No notification will be sent.
* IM - Incident will be sent to an end user by IM.
User notification message - Message sent to the user in case a malware incident was identified, but only a monitoring action was taken.
* Email - Incident will be sent to and end-user by Email.
Auditing
Displays content that was blocked by the Anti-Malware engine.