CA API Gateway 9.1

9.4 9.1

Install the Symantec Virus Scanning Assertion

The Symantec Virus Scanning custom assertion allows the gateway to send requests and attachments to a Symantec Antivirus Engine (SAVE) server for virus detection.
gateway92
The Symantec Virus Scanning custom assertion allows the
CA API Gateway
 to send requests and attachments to a Symantec Antivirus Engine (SAVE) server for virus detection.
This section describes how to install and configure the custom assertion on the Gateway. When configuration is complete, the Scan Using Symantec Antivirus Assertion appears in the Policy Manager, under both the Threat Protection and Custom Assertions palettes.
You can also use the Scan Using ICAP-Enabled Antivirus Assertion to connect the Gateway to Symantec.
Contents:
Requirements
Ensure that you have the following before configuring the Gateway for Symantec:
  • Valid installation of Symantec Antivirus Engine installed in your environment
  • Symantec Antivirus Engine (SAVE) server version 5.2
  • The Symantec Virus Scanning custom assertion RPM installation file:
    ssg-symantec-<version>.noarch.rpm
    This file is located in the "CA API Gateway CustomAssertions" distribution archive.
Do not install the Symantec Antivirus Engine on the same machine as the Gateway. Doing so may affect the performance of the Gateway.
Configure the Symantec Antivirus Engine
Make the following configuration changes to the Symantec Antivirus Engine to make it compatible with the Gateway:
  • Configure the Symantec Antivirus Engine for the ICAP protocol:
    1. Log in to the Symantec server through your web browser, using
      http://
      <server>
      :8004
      .
    2. Select the
      Configuration
       tab.
    3. Select
      ICAP
       in the
      Protocol
       tab.
  • Other configurations:
    1. Click
      Blocking Policy
      .
    2. Select the
      Antivirus
       tab and set heuristic scanning to
      High
      .
    3. Set file types to
      Scan all files regardless of extension
      .
Once the Symantec Antivirus Engine is configured, proceed to “Configure the Gateway” next.
Configure the Gateway
Two main steps are required to configure the Gateway for the Symantec Virus Scanning custom assertion:
  • Install the custom assertion onto the Gateway server.
  • Configure the assertion with your network settings.
Step 1: Install the Custom Assertion
To install the custom assertion on a Gateway:
  1. Log in as
    ssgconfig
     and open a privileged shell from the Gateway configuration menu.
  2. Stop the Gateway:
    # service ssg stop
  3. Navigate to the location of the custom assertion installation file.
  4. Run the following command to install the RPM:
    # rpm -Uvh ssg-symantec-
    <version>
    .noarch.rpm
    where
    "<version>"
     is the version number of the Gateway, plus an archive number
Step 2: Configure the Custom Assertion
To configure the custom assertion so that attachments and messages are sent to the correct location:
  1. Open the following file in a text editor:
    <SSG_home>
    /node/default/etc/conf/symantec_scanengine_client.properties
    where
    "<SSG_home>"
     is the home directory for the Gateway, which is "/opt/SecureSpan/Gateway" by default.
  2. Set the two properties in that file to appropriate settings for your network and then save and exit.
  3. Restart the Gateway.

Content feedback and comments