InterScan Web Security Virtual Appliance (IWSVA) provides a "Scan before delivering" feature to prevent the client web browser from timing out while IWSVA scans large files.
However, the client browser shows a security warning unless it treats IWSVA as a trusted site.
To address large file scan lag, use one of the following options. You can set them in HTTP > Advanced Threat Protection > Policies > Virus/Malware Scan Rule.
- Scan before delivering: The client browser displays the IWSVA scan progress screen until IWSVA completes the scan.
- Deferred scanning: IWSVA delivers a certain amount of the file to the client browser while scanning the file.
In the case of "Scan before delivering", the client browser gets redirected to TCP port 9091 of the IWSVA server after the scan completes to download the scanned file.
By default, the URL for the redirection is "https://{IP address of IWSVA}:9091". This leads to the following web security warnings because the client browser cannot verify the TLS/SSL server certificate of the IWSVA server.
For example:
- Microsoft Edge
  This site is not secure.
  This might mean that someone's trying to fool you or steal any info you send to the server.
  You should close this site immediately.
- Mozilla Firefox
  Your connection is not secure.
  The owner of <the destination site> has configured their website improperly.
  To protect your information from being stolen, Firefox has not connected to this website.
- Google Chrome
  Your connection is not private
  Attackers might be trying to steal your information from the <destination site> (for example, passwords, messages, or credit cards).
To resolve the issue, change the URL for the redirection and import a TLS/SSL server certificate:
- Log on to IWSVA as root via SSH (for example, with an SSH client such as PuTTY).
- Create a backup copy of /etc/iscan/intscan.ini:
  # cp /etc/iscan/intscan.ini /etc/iscan/intscan.ini.bak
- Use vi to edit the file /etc/iscan/intscan.ini:
  # vi /etc/iscan/intscan.ini
- Change the following line:
  scan_before_deliver_server=9091
  Change it to the URL:
  scan_before_deliver_server=iwsva.example.test:9091
- Save the file and quit.
- Run the following commands to restart the HTTP scan service:
  # /etc/iscan/S99ISproxy stop
  # /etc/iscan/S99ISproxy start

To import a TLS/SSL server certificate to the IWSVA server, go to Administration > Network Configuration > Web Console. You may purchase a certificate from a certificate authority or create a self-signed certificate.
- The CN or SAN of the certificate must be the IWSVA's FQDN.
- The CA certificate should also be imported to the client browser.
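
The intscan.ini change from the steps above as a script, added here as an example and not Trend Micro's own code: it validates the host name, keeps the first backup, and makes no change if the value is already set. The function name `set_sbd_server` and the sample file contents are assumptions; the key name, file name and default port come from this page.

```shell
#!/bin/sh
# Added example (not vendor code): scripted form of the manual vi edit above.
# Usage: set_sbd_server INI_FILE FQDN [PORT]
set_sbd_server() {
    ini=$1 fqdn=$2 port=${3:-9091}
    key=scan_before_deliver_server
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 1; }

    # The value ends up in a redirect URL, so accept only a dotted host name
    # and a numeric port.
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    printf '%s\n' "$fqdn" | grep -Eq "^$label(\.$label)+\$" ||
        { echo "not an FQDN: $fqdn" >&2; return 2; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac

    # Refuse to guess if the key is missing or duplicated.
    count=$(grep -c "^$key=" "$ini" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 $key line, found $count" >&2; return 3; }

    want="$key=$fqdn:$port"
    grep -qxF "$want" "$ini" && return 0         # already set: nothing to do

    # Keep the first backup so a second run cannot overwrite the original.
    [ -e "$ini.bak" ] || cp -p "$ini" "$ini.bak" || return 1
    sed "s|^$key=.*|$want|" "$ini" > "$ini.tmp" || return 1
    cat "$ini.tmp" > "$ini" && rm -f "$ini.tmp"  # rewrite in place, keep owner/mode
    grep -qxF "$want" "$ini"                     # confirm the edit landed
}

# Demo on a constructed sample file (the section and the other key are made up).
demo_dir=$(mktemp -d)
printf '[http]\nscan_before_deliver_server=9091\nsample_other_key=1\n' > "$demo_dir/intscan.ini"
set_sbd_server "$demo_dir/intscan.ini" iwsva.example.test &&
    grep '^scan_before_deliver_server=' "$demo_dir/intscan.ini"
rm -rf "$demo_dir"
```

On the appliance, call it with /etc/iscan/intscan.ini and then restart the HTTP scan service as in the last step.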