Access to the VirusWall server from within the HTTP proxy is controlled by a service common object (viruswall-http)and a pair of variables (VirusWallServerHTTP and scan.0). The service object and variables are preconfigured as much as possible during installation, but the variables must be altered to activate the interface for scanning. In addition, you may need one or more access rules to allow your Screen access to the VirusWall scanner server; see "To Add an Administrative Access Rule for Remote Administration" in SunScreen 3.2 Administration Guide for more information.
The viruswall-http service common object is employed by the interface between SunScreen's HTTP proxy and VirusWall. The TCP service port defined for this object is set to that used by the default VirusWall installation.
The VirusWallServerHTTP variable configures the interface between your Screen and VirusWall:
(Optional) sys=Screen
prg=scan
name=VirusWallServerHTTP
values={ vwvalues }
(Optional) description="descriptive text"
enabled | disabled (the initial configuration is enabled)
Options for the vwvalues portion of the VirusWallServerHTTP variable are:
type=VirusWall
svc=viruswall-http
addr=vwserver (the default is the undefined address object, viruswall-server)
(Optional) holddown=downsecs (the default is 30*60 seconds)
(Optional) maxconns=#maxconns (maximum concurrent connections; the default is 3)
(Optional) minconns=#minconns(minimum spare connections; the default is 1)
Multiple addr items can be configured to allow the use of secondary scanning servers. Each addr item can designate address common objects by name or it can designate a naked (dotted-quad) IP address.
The second variable, scan.0, connects the first variable to the proxy and specifies it as the first scanning facility to be used by that proxy. Because VirusWall scanning is optional, scan.0 is predefined as DISABLED. To turn on scanning, you must set the scan.0 variable to ENABLED.
(Optional) sys=Screen
prg=httpp
name=scan.0
values={ scvalues }
(Optional) description="descriptive text"
enabled | disabled (the initial configuration is disabled)
For the variable scan.0, the scvalues portion is name=VirusWallServerHTTP. Note that the value of this variable is the name of the first variable.
Both variables--VirusWallServerHTTP and scan.0--are pre-defined. If you display their values from the command line configuration editor, you see:
admin% ssadm -r primary edit Initial edit> vars print prg=scan name=VirusWallServerHTTP PRG="scan" NAME="VirusWallServerHTTP" ENABLED VALUES={ type="VirusWall" svc="viruswall-http" addr="viruswall-server" } DESCRIPTION="TrendMicro HTTP scanning server(s)" edit> vars print prg=httpp name=scan.0 PRG="httpp" NAME="scan.0" DISABLED VALUES={ name="VirusWallServerHTTP" } DESCRIPTION="HTTP proxy content scanner" |
One or more access rules may be needed to allow your Screen access to the VirusWall scanner server (see "To Add a New Rule" in SunScreen 3.2 Administration Guide.
Because VirusWall scanning is optional, and because the viruswall-server address object cannot be preconfigured during installation, the following example shows prototypical post-installation steps to enable VirusWall scanning of HTTP content:
admin% ssadm --r primary edit Initial edit> add address viruswall-server 10.73.176.13 edit> add rule viruswall-http localhost viruswall-server ALLOW edit> add rule www 'inside' web-scanner ALLOW PROXY_HTTP edit> vars add prg=httpp name=scan.0 ENABLED VALUES={ name=VirusWallServerHTTP } DESCRIPTION="HTTP proxy content scanner" |
This example:
Defines the address for viruswall-server
Adds a rule to allow communication between the Screen and the VirusWall scanner
Adds another rule to allow HTTP proxy traffic
Sets the ENABLED flag to turn on HTTP proxy content scanning
If content scanning has been configured, and once proxy-based content checks have been performed, the resulting content is passed to the scanner for inspection. The scanner may instruct that the content be blocked, or may alter (for example, clean viruses from) the content, or may return it unaltered. You receive scanning results (as being blocked, if so determined) that are reflected in SunScreen log entries regarding the HTTP request and its results.