Anti-Virus

HAVP, our anti-virus solution, has pretty much a point and shoot setup. Once installed, there are only a few settings (Services->Anti-Virus) to change on the HTTP proxy tab:

Table 3: Anti-virus settings

There are several other discretionary settings including file types to scan, logging, etc. Figure 10 shows the settings for Cerberus.

Figure 10: HTTP proxy settings for anti-virus

And a few more in Figure 11.

Figure 11: More HTTP proxy settings for anti-virus

There are also some minor settings under the Settings tab dealing with update frequency and logging. Figure 12 shows how Cerberus is configured.

Figure 12: Miscellaneous AV settings

Once you have saved your settings, you can verify that both the HAVP proxy and the ClamAV scanning engine are running under the General page tab:

Figure 13: HAVP and ClamAV running

Once you are fully updated (should take about ten minutes), you can test your install using safe virus simulation files provided by Eicar.org.

Figure 14: Eicar.org virus test file

Only two of the test files are recognized as threats. Files with the extension COM are not scanned, and embedded archives are not tested, underlining the need for separate anti-virus on each host machine.

Anti-Virus is now up and running.

That's it for this installment. Next time, we'll continue the conversion to UTM with Content Filtering setup and plenty more.