How to Block More Malware on Symantec Secure Web Gateway

Would you like to increase your malware threat protection on Symantec Secure Web Gateway and downloads? Metascan can be used with ProxySG to significantly improve your malware threat protection. If you already use ProxyAV, Metascan can be used on top of ProxyAV to block more known and unknown threats. Metascan uses ICAP in the same way as ProxyAV does, but offers superior threat detection rates by scanning web traffic with up to 35+ anti-malware engines as well as performing data sanitization to remove possible embedded threats in documents. Find out more about the benefits of using Metascan with Symantec ProxySG.

Ready to find out how many more threats Metascan can block? Download the 14-day evaluation version of Metascan and follow the steps in the Getting Started Guide below to configure Metascan and Symantec Secure Web Gateway and experience the benefits of multi-scanning for yourself:

Metascan and Symantec Secure Web Gateway Getting Started Guide

This Getting Started Guide describes in easy steps how to configure Metascan with Symantec ProxySG to start scanning your web traffic and downloads.

System Requirements:
The following systems are required for this deployment

• Symantec Secure Web Gateway Server
• One or more Metascan servers

Configuring Metascan

By default, the ICAP service is disabled in Metascan. To enable the ICAP service, please do the following:

1. Open the Metascan Management Console (http://<server ip>:8008/management)
2. Navigate to the Sources-> ICAP Server Configuration page
3. Click the 'Start ICAP Service' button

This will start the Metascan ICAP server with the default settings.
Note on Metascan Licensing: Metascan must have a valid license, including licensing for the appropriate number of remote clients to function correctly.

Configuring the Symantec Secure Web Gateway Server

Log into your ProxySG Management Console (e.g. https://<ip address>:8082).

Disable Automatic Cache Refresh

1. Click on the 'Configuration' tab, and navigate to 'Proxy Settings'->'HTTP Proxy'
2. Select the 'Freshness' tab and select the 'Disable refreshing' option
   
3. Select the 'Acceleration Profile' tab and uncheck the following options
   1. Pipeline embedded objects in client request
   2. Pipeline redirects for client request
   3. Pipeline embedded objects in prefetch request
   4. Pipeline redirects for prefetch request
      
4. Click 'Apply' to save these settings

Adding REQMOD Service

1. Within the 'Configuration' tab, navigate to 'External Services'->'ICAP'
2. Click 'New'
3. Enter a service name for the Metascan service (in this example we use 'MetascanReqmod') and click 'OK'
   
4. In the services list, select 'MetascanReqmod' and click 'Edit'
5. Update the following values
   1. In ICAP Service
      1. Set Service URL to 'icap://<Metascan Server>/OMSScanReq-AV'
      2. Select 'Use vendor's "virus found" page'
   2. In ICAP Service Ports
      1. Check 'This service supports plain ICAP connections
      2. Set the 'Plain ICAP port' value to your Metascan's ICAP port (1344 by default)
   3. In ICAP v1.0 Options
      1. Check 'Request modification'
      2. Check 'Send Client address'
         
6. Click 'OK'
7. Click 'Apply' to save the configuration

Adding RESPMOD Service

1. Within the 'Configuration' tab, navigate to 'External Services'->'ICAP'
2. Click 'New'
3. Enter a service name for the Metascan service (in this example we use 'MetascanRespmod') and click 'OK'
   
4. In the services list, select 'MetascanReqmod' and click 'Edit'
5. Update the following values
   1. In ICAP Service
   2. Set Service URL to 'icap:///OMSScanResp-AV'
   3. Select 'Use vendor's "virus found" page'
6. In ICAP Service Ports
   1. Check 'This service supports plain ICAP connections
   2. Set the 'Plain ICAP port' value to your Metascan's ICAP port (1344 by default)
7. In ICAP v1.0 Options
   1. Check 'Response modification'
   2. Check 'Send Client address'
      
8. Click 'OK'
9. Click 'Apply' to save the configuration

Create Metascan REQMOD Policy

1. Within the 'Configuration' tab, navigate to 'Policy'->'Visual Policy Manager'
2. Click the 'Launch' button
3. In the 'Symantec Visual Policy Manager' window, navigate to 'Policy'->'Add Web Content Layer'
   
4. Enter a layer name (in this example we use 'Metascan ICAP ReqMod') and click 'OK'
   
5. In the newly created 'Metascan ICAP ReqMod' tab, right click on 'Use Default Caching' and choose 'Set...'
   
6. In the 'Set Action Object' window, click 'New' and select 'Set ICAP Request Service...'
   
7. In the 'Add ICAP Request Service Object' window, set the following values
   1. Set 'name' to 'Metascan ICAP Request Service'
   2. In 'Available services', select 'MetascanReqMod' and click 'Add'
      
   3. Click 'OK' to finish and 'Apply' to save

Create Metascan RESPMOD Policy

1. Within the 'Configuration' tab, navigate to 'Policy'->'Visual Policy Manager'
2. Click the 'Launch' button
3. In the 'Symantec Visual Policy Manager' window, navigate to 'Policy'->'Add Web Content Layer'
   
4. Enter a layer name (in this example we use 'Metascan ICAP RespMod') and click 'OK'
5. In the newly created 'Metascan ICAP RespMod' tab, right click on 'Use Default Caching' and choose 'Set...'
   
6. In the 'Set Action Object' window, click 'New' and select 'Set ICAP Request Service...'
   
7. In the 'Add ICAP Response Service Object' window, set the following values
   1. Set 'name' to 'Metascan ICAP Response Service'
   2. In 'Available services', select 'MetascanRespMod' and click 'Add'
      
8. Click 'OK' to finish and 'Apply' to save
   

Did you find this guide helpful? Tweet at us @OPSWAT and let us know if you have any questions!

For more information, please contact one of our cybersecurity experts.