IWSVA blocks any URL that it determines to be infected and returns the message “URL is blocked” for any subsequent requests. The block will be active for 4 hours by default, although this can be configured.
To configure the default block time:
- Log on to IWSVA either directly or with SSH as "root".
- Edit the configuration file /etc/iscan/intscan.ini as described in the KB article: Editing configuration files of Linux-based products.
- Look for the parameter "infected_url_block_length" in the section [Scan-configuration] and change the value to a different number in order to change the blocking time (in hours).
- Restart the HTTP scanning daemon with the following commands:
If you are confident that the detection of the URL as infected is a false positive, please submit a false positive case on our Malware Support portal.
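The configuration edit from the steps above can be scripted so that only the [Scan-configuration] section is touched and a rollback copy is kept. This is an added example, not Trend Micro's own tooling; it assumes `key=value` INI syntax, and the function names and the sample file (including its `[http]` section) are constructed for illustration.

```shell
#!/bin/sh
# Added example: change infected_url_block_length only inside [Scan-configuration].
# Assumption: intscan.ini uses "key=value" lines under "[section]" headers.

set_block_length() {
    ini="$1"; hours="$2"
    # Accept digits only, so nothing else can be written into the file.
    case "$hours" in
        ''|*[!0-9]*) echo "hours must be a whole number" >&2; return 2 ;;
    esac
    cp -p "$ini" "$ini.bak" || return 1          # rollback copy
    awk -v hours="$hours" '
        # Track whether the current line belongs to [Scan-configuration].
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[Scan-configuration\][ \t]*$/) }
        in_sec && /^[ \t]*infected_url_block_length[ \t]*=/ {
            print "infected_url_block_length=" hours; changed = 1; next
        }
        { print }
        END { exit(changed ? 0 : 3) }            # 3 = parameter not found
    ' "$ini.bak" > "$ini.new" || {
        rm -f "$ini.new"; echo "parameter not found in section" >&2; return 3
    }
    # Overwrite in place so the original owner and mode are preserved.
    cat "$ini.new" > "$ini" && rm -f "$ini.new"
}

get_block_length() {
    awk -F= '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[Scan-configuration\]/) }
        in_sec && $1 ~ /^[ \t]*infected_url_block_length[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2
        }
    ' "$1"
}

# Demo on a constructed sample file (not a real intscan.ini).
demo=$(mktemp)
printf '%s\n' '[http]' 'infected_url_block_length=1' \
    '[Scan-configuration]' 'infected_url_block_length=4' > "$demo"
set_block_length "$demo" 8 && echo "block length now: $(get_block_length "$demo") hours"
rm -f "$demo" "$demo.bak"
```

When run against /etc/iscan/intscan.ini, the HTTP scanning daemon still has to be restarted as in the last step before the new value takes effect.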