SOFT-TRONIK, a.s.
Defending Malware
Michal Červinka
Pre-sales SE
Defending Malware
• Blocking Access to Malware Sites
• Detecting Hidden File Types
• Removing Active Content from HTML Pages
• Blocking Mobile Malicious Code
• Implementing Anti-malware Protection
• …
Blocking Access to Malware Sites
• BCWF Categories
  – Spyware/Malware Sources
  – Spyware Effects/Privacy Concerns
  – Phishing
BCWF DRTR
[Diagram: Master DB; Hunter; DRTR (language detection, link check, XXX, etc.); SAM (anti-malware, threat detection engines); DBR (deeplink inspection, Google API, and more); human raters; exe, cab, ...]
Detecting Hidden File Types
• ProxySG provides
  – file extensions
  – MIME data types
  – apparent data types (DOS/Win executables, MS CAB)
  As a destination in Web Access Layer
• ProxyAV delivers
  – file extensions
  – true file-type checking in any container (archive …)
• executables, images, documents, archives
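As an added example (not part of the original slides and not ProxySG or ProxyAV code), the check below compares a response's declared extension and MIME type with the apparent type read from its leading bytes, using the MZ signature of DOS/Windows executables and the MSCF signature of MS CAB files. The function names, signature table and sample responses are constructed for illustration, and it inspects only the top-level object, not files inside a container.

```python
import os

# Constructed table: leading bytes -> apparent type plus the extensions and
# MIME types that honestly describe it. MZ and MSCF are the types named above.
SIGNATURES = [
    (b"MZ", "dos-win-executable", {".exe", ".dll", ".com", ".scr"},
     {"application/x-msdownload", "application/octet-stream"}),
    (b"MSCF", "ms-cab", {".cab"},
     {"application/vnd.ms-cab-compressed", "application/octet-stream"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}, {"image/png"}),
    (b"GIF8", "gif", {".gif"}, {"image/gif"}),
]


def apparent_type(body: bytes):
    """Return the signature entry matching the first bytes, or None."""
    for entry in SIGNATURES:
        if body.startswith(entry[0]):
            return entry
    return None


def check_response(url_path: str, content_type: str, body: bytes) -> str:
    """Compare the declared extension and MIME type with the apparent type."""
    ext = os.path.splitext(url_path.split("?", 1)[0])[1].lower()
    mime = content_type.split(";", 1)[0].strip().lower()
    entry = apparent_type(body)
    if entry is None:
        return "unknown"  # no signature matched; leave to deeper scanning
    _, kind, exts, mimes = entry
    bad = [f"{label} {value or '(none)'}"
           for label, value, allowed in (("extension", ext, exts), ("MIME", mime, mimes))
           if value not in allowed]
    if bad:
        return f"hidden {kind}: mismatched " + ", ".join(bad)
    return f"consistent {kind}"


# Constructed samples: (path, Content-Type header, first bytes of the body).
SAMPLES = [
    ("/img/logo.gif", "image/gif", b"GIF89a\x01\x00\x01\x00"),
    ("/img/banner.jpg", "image/jpeg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("/dl/update.txt?id=7", "text/plain", b"MSCF\x00\x00\x00\x00"),
    ("/dl/setup.exe", "application/octet-stream", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for path, ctype, body in SAMPLES:
        print(path, "->", check_response(path, ctype, body))
```

A two-byte MZ match is only an apparent type; a stricter check would also validate the PE header before treating the object as an executable.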
Removing Active Content
• Strip
  – Java Applets
  – Plugins
  – ActiveX
  – JavaScript, VBScript
Action at web access layer
Blocking Mobile Malicious Code
• script string rewriting (substitute keywords)
• script injection (prevent execution)
CPL only
CPU intensive
Anti Malware Scanning
• Scan once, serve many times
  – ISTAG for cacheable objects
  – fingerprints for non-cacheable
• Many ICAP Error Codes
  – file scanning timeout
  – maximum individual file size exceeded
  – maximum total uncompressed size exceeded
  – maximum total number of files in archive exceeded
  – maximum number of archive layers exceeded
  – decode/decompress error (unsupported compression method, corrupted compression file)
  – password protected archive
  – out of temporary storage space
  – other errors
HTTP Parsing
• ProxySG blocks malformed HTTP requests and returns a 400 Invalid Request error by default
SGOS#(config) http tolerant-request-parsing
Michal Červinka
Pre-sales SE
SOFT-TRONIK, a.s.
Ostrava
Tvorkovských 5
709 00 Ostrava - Mariánské Hory
tel.: +420 597 488 811 fax: +420 596 622 486
Praha
Nagano Office and Technology Park, Nagano III
U nákladového nádraží 10
130 00 Praha 3
tel: +420 266 109 211 fax: +420 283 840 236
www.soft-tronik.cz