IWSVA blocks any URL that it determines to be infected and returns the message “URL is blocked” for any subsequent requests. The block will be active for 4 hours by default, although this can be configured.

To configure the default block time:

1. Log on to IWSVA either directly or with SSH as "root".

2. Edit the configuration file /etc/iscan/intscan.ini as described in the KB article: Editing configuration files of Linux-based products.

   Look for the parameter "infected_url_block_length" in the section [Scan-configuration] and change the value to a different number in order to change the blocking time (in hours).

3. Restart the HTTP scanning daemon with the following commands:

   /etc/iscan/S99ISproxy stop
   /etc/iscan/S99ISproxy start

If you are confident that the detection of the URL is infected and a false positive, submit a false positive case on our Malware Support portal.

To make this blocking persistent over the service restart, the Scanning Daemon creates a temporary configuration file infectedB.ini during normal shutdown and stores the current blocking configuration in it.

It is also possible to turn off temporary URL blocking by setting disable_infected_url_block=yes in intscan.ini. However, this is not recommended because it might affect the amount of resources used by scanning the same content again and again.