Internal Antivirus HTTP Webmail Settings Overview
You can configure the internal AV scanner to scan Webmail responses from a Web server to a client. When a client makes an HTTP Webmail request, the security device can intercept the Web Server response, scan the response for viruses, and then forward to the client.
Because networks typically handle a large amount of HTTP traffic, you might want to enable scanning for Webmail only. When enabled, the internal AV scanner scans HTTP traffic for Webmail only (non-Webmail HTTP traffic is not scanned). When disabled, the device scans all HTTP traffic for viruses.
The internal AV scanner examines specific HTTP Webmail patterns only (many popular providers are predefined). To configure Webmail scanning, you must define the URL parameters:
URL Pattern—Specifies a URL pattern identifying a certain type of Webmail to examine for virus patterns. When the URL matches all of the following parameters, the AV scanner performs a virus scan.
Path in URL—Specifies the download URL path for the Webmail.
Path Exclusion—Excludes the listed path from scans. Supported in ScreenOS 5.3 and later.
Argument in URL—Specifies the URL argument. Arguments begin with a question mark (?).
Argument Exclusion—Excludes the listed argument from scans. Supported in ScreenOS 5.3 and later.
Host Name in URL—Specifies the host name in the URL.
Host Exclusion—Excludes the listed host from scans. Supported in ScreenOS 5.3 and later.
For more information about AV, refer to the Concepts & Examples ScreenOS Reference Guide: Attack Detection and Defense Mechanisms.