IWSVA blocks any URL that it determines to be infected and returns the message “URL is blocked” for any subsequent requests. The block will be active for 4 hours by default, although this can be configured.
To configure the default block time:
- Log on to IWSVA either directly or with SSH as "root".
-
Edit the configuration file /etc/iscan/intscan.ini as described in the KB article: Editing configuration files of Linux-based products.
Look for the parameter "infected_url_block_length" in the section [Scan-configuration] and change the value to a different number in order to change the blocking time (in hours).
-
Restart the HTTP scanning daemon with the following commands:
/etc/iscan/S99ISproxy stop
/etc/iscan/S99ISproxy start
If you are confident that the detection of the URL is infected and a false positive, submit a false positive case on our Malware Support portal.
To make this blocking persistent over the service restart, the Scanning Daemon creates a temporary configuration file infectedB.ini during normal shutdown and stores the current blocking configuration in it.
It is also possible to turn off temporary URL blocking by setting disable_infected_url_block=yes in intscan.ini. However, this is not recommended because it might affect the amount of resources used by scanning the same content again and again.