Content & Malware Analysis

  • 1.  Is CAS analysing fine!

    Posted Nov 22, 2020 04:11 AM

    Hi,

    We have newly enabled external ICAP to CAS-MAA; we used to use the internal CAS in ASG. Now the issue is that after testing with the Download Anti Malware Testfile - Eicar
    to make sure that CAS is analyzing web traffic as expected, it does not seem that CAS is blocking this file, from viewing the statistics, and I was able to download the file easily.
    Is there any issue? Please view the attached AV patterns.
    Appreciate your support.
    Thanks



  • 2.  RE: Is CAS analysing fine!

    Broadcom Employee
    Posted Nov 23, 2020 10:26 AM
    Hi ITA,

    Eicar is working just fine for me in my environment. Let me give you a few things to check.

    1) Make sure you are SSL decrypting the traffic. Without SSL decryption, the ProxySG cannot detect or send files to CAS.

    2) Make sure you have a rule set to send traffic to the CAS, and that it is set for RESPMod (not REQMod). Take a policy trace of this traffic to ensure that it is matching.

    3) Make sure that you have your AV enabled under Content Analysis > System > Licensing. Even if you don't have an AV enabled, it will still update the patterns, so checking if an AV is enabled is important.

    Hope this helps!
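
The second check in the reply above depends on the traffic reaching the scanner as RESPMOD, where the downloaded object travels inside the ICAP message. As an added example (not from the thread or from Broadcom), this Python code builds an RFC 3507 RESPMOD request and classifies an ICAP reply; the ICAP URL, HTTP headers, body and sample replies are constructed placeholders, since the page does not show the CAS service name or its replies.

```python
import re

ICAP_URL = "icap://cas.example.internal/avscan"   # placeholder, not from the page
BODY = b"constructed test body"                   # stands in for the downloaded file
REQ_HDR = b"GET /testfile HTTP/1.1\r\nHost: download.example\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(BODY)

def build_respmod(icap_url, req_hdr, res_hdr, body):
    """Wrap one HTTP request/response pair in an ICAP RESPMOD request."""
    host = icap_url.split("//", 1)[1].split("/", 1)[0]
    # Offsets are byte positions inside the encapsulated section (RFC 3507, 4.4.1).
    enc = b"req-hdr=0, res-hdr=%d, res-body=%d" % (len(req_hdr), len(req_hdr) + len(res_hdr))
    head = (b"RESPMOD " + icap_url.encode() + b" ICAP/1.0\r\n"
            b"Host: " + host.encode() + b"\r\n"
            b"Allow: 204\r\n"
            b"Encapsulated: " + enc + b"\r\n\r\n")
    chunked = b"%x\r\n" % len(body) + body + b"\r\n0\r\n\r\n"   # body is always chunked
    return head + req_hdr + res_hdr + chunked

def split_icap(msg):
    """Return (first line, {section: offset}, encapsulated bytes) of an ICAP message."""
    head, _, rest = msg.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    enc = next((l.split(":", 1)[1] for l in lines[1:] if l.lower().startswith("encapsulated:")), "")
    offsets = {k: int(v) for k, v in re.findall(r"([a-z-]+)=(\d+)", enc)}
    return lines[0], offsets, rest

def classify_reply(raw):
    """Map an ICAP reply to 'unmodified', 'modified:<http status>' or 'error:<icap status>'."""
    status_line, offsets, rest = split_icap(raw)
    code = int(status_line.split()[1])
    if code == 204:
        return "unmodified"                 # object passed through untouched
    if code == 200 and "res-hdr" in offsets:
        http_status = rest[offsets["res-hdr"]:].split(b"\r\n", 1)[0].split()[1].decode()
        return "modified:" + http_status    # replacement response, e.g. a block page
    return "error:%d" % code

# Constructed replies for illustration; not captured from a CAS appliance.
SAMPLE_UNMODIFIED = b"ICAP/1.0 204 No Content\r\nEncapsulated: null-body=0\r\n\r\n"
_BLOCK_HDR = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n"
SAMPLE_MODIFIED = (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n"
                   % len(_BLOCK_HDR)) + _BLOCK_HDR + b"7\r\nblocked\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(build_respmod(ICAP_URL, REQ_HDR, RES_HDR, BODY).decode("latin-1"))
    print(classify_reply(SAMPLE_UNMODIFIED), classify_reply(SAMPLE_MODIFIED))
```

A REQMOD message carries only the client's request, so a download never appears in it; that is why the rule has to be RESPMOD for a test file to be scanned.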