Multi-layer malware detection for web traffic
Malware often reaches systems via web traffic. SafeSquid provides multiple scanning layers: built-in SqScan, ClamAV integration, and ICAP-based external scanners. HTTPS inspection must be enabled to scan encrypted traffic. The documents below cover configuration and reference for each scanner.
Malware scanner configuration and reference guides
SqScan
Built-in scanning alone may not cover all threat signatures or formats. SqScan is SafeSquid's built-in module for scanning HTTP and HTTPS traffic for viruses, Trojans, and malware. It provides a first layer of protection without external daemons. Configure and use SqScan for HTTP and HTTPS scanning using this document.
ClamAV Malware Scanning
Enterprises need an extra layer of detection using a widely updated signature engine. ClamAV integration allows SafeSquid to send content to a ClamAV daemon for scanning. Multiple file formats and archives are supported. Integrate a dedicated ClamAV server with SafeSquid using this document.
ICAP
Organizations use third-party ICAP antivirus or content adaptation services to enforce policy. ICAP integration lets SafeSquid send HTTP/HTTPS content to ICAP servers for virus scanning and content modification. Dr. Web, Kaspersky, Symantec, and Trend Micro are examples of ICAP-based solutions. Configure ICAP server connections using this document.
Adaptable External Parser
Custom or proprietary scanners may require a flexible integration pattern. The Adaptable External Parser allows SafeSquid to invoke external scanning or parsing logic for content. This supports integration with non-ICAP or custom antivirus and DLP tools. Use this document to configure and integrate external parsers.
Next steps
Enable SSL Inspection so HTTPS traffic is scanned; combine with Data Leakage Prevention for upload/download inspection.