Content & Malware Analysis

Expand all | Collapse all

Is CAS analysing fine!

  • 1.  Is CAS analysing fine!

    Posted 5 days ago
      |   view attached


    We are newly enabled external ICAP to CAS-MAA, we used to use internal CAS in ASG, Now the issue is After testing the Download Anti Malware Testfile - Eicar
    Eicar remove preview
    Download Anti Malware Testfile - Eicar
    This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO. The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors.
    View this on Eicar >

    to make sure that CAS is analyzing web traffic as expected It does not seems that CAS is Blocking this file! from viewing the statistics. and I was able to download the file easily.
    Is there any issue?! please view the attacked AV patterns.
    Appreciate your support.

  • 2.  RE: Is CAS analysing fine!

    Broadcom Employee
    Posted 4 days ago
    Hi ITA,

    Eicar is working just fine for me in my environment. Let me give you a few things to check.

    1) Make sure you are SSL decrypting the traffic. Without SSL decryption, that ProxySG cannot detect nor send files to CAS

    2) Make sure you have a rule set to send traffic to the CAS, and that it is set for RESPMod (not REQMod). Take a policy trace of this traffic to ensure that it is matching.

    3) Make sure that you have your AV enabled under Content Analysis > System > Licensing. Even if you don't have an AV enabled, it will still update the patterns, so checking if an AV is enabled is important.

    Hope this helps!