One or more access rules may be needed to allow your Screen access to the VirusWall scanner server (see "To Add a New Rule" in SunScreen 3.2 Administration Guide).
Because VirusWall scanning is optional, and because the viruswall-server address object cannot be preconfigured during installation, the following example shows prototypical post-installation steps to enable VirusWall scanning of HTTP content:
admin% ssadm -r primary edit Initial
edit> add address viruswall-server 10.73.176.13
edit> add rule viruswall-http localhost viruswall-server ALLOW
edit> add rule www 'inside' web-scanner ALLOW PROXY_HTTP
edit> vars add prg=httpp name=scan.0 ENABLED VALUES={ name=VirusWallServerHTTP } DESCRIPTION="HTTP proxy content scanner"
This example:
Defines the address for viruswall-server
Adds a rule to allow communication between the Screen and the VirusWall scanner
Adds another rule to allow HTTP proxy traffic
Sets the ENABLED flag to turn on HTTP proxy content scanning
If content scanning has been configured, the content is passed to the scanner for inspection once the proxy-based content checks have been performed. The scanner may instruct that the content be blocked, may alter the content (for example, clean viruses from it), or may return it unaltered. You receive the scanning result (a block, if the scanner so determines), and that result is reflected in the SunScreen log entries for the HTTP request and its results.