Scan for spyware

You can have IWSVA check your LAN clients' HTTP and FTP downloads for individual spyware programs. You can also have IWSVA monitor client Web requests and then block all attempts to access a known spyware site. They are two different actions.

• Scan Web downloads for spyware files

• Prevent access to known spyware and phish sites

 To scan Web downloads for spyware files:

1. From the main IWSVA menu, click HTTP > HTTP Malware Scan > Policies or FTP > Scan Rules.

2. For HTTP, open one of the policies that appears, and click the Spyware/Grayware Scan Rule tab. For FTP, click the Spyware/Grayware Scan Rule tab.

3. Click Spyware, and any other grayware programs you want to check for, and then click Save at the bottom of the page.

• Note: After enabling spyware scanning, you should update the spyware pattern file.

 To prevent access to known spyware and phish sites:

1. From the main IWSVA menu, click HTTP > URL Access Control > Global URL Blocking > Via Pattern File (PhishTrap).

2. Select any or all of the following:

• Phishing—prevents access to known "counterfeit" Web sites (those that are designed to fool users in to providing confidential information).

• Spyware—prevents access to URLs known to be destination targets of spyware, for example the URL to which a spyware sends captured keystrokes

• Virus accomplice—prevents outbound access to URLs associated with virus activity, worms, or other exploits

• Disease vector—prevents access to Web sites known to exists for malicious purposes

3. Click Save at the bottom of the page.

4. Next, from the main IWSVA menu, click Summary.

5. Choose PhishTrap pattern and then click Update to be sure you are using the latest phish patterns (then do the same for Spyware patterns).

See also

• HTTP: Spyware/Grayware Scan Rule

• FTP: Spyware/Grayware Scan Rule

• URL Blocking (PhishTrap)

• Example Phish