
Setting up antivirus/DLP scanning in Axway SecureTransport for PGP-encrypted files

In part one of this series, we covered the capabilities of Axway SecureTransport ICAP integration with third-party Antivirus and DLP software and some details on its configuration. In the second part, we covered a simple way to validate and test that the AV scanning is working for both inbound and outbound files. This final installment will cover Antivirus/DLP scanning when working with PGP-encrypted files.


Working with PGP-encrypted files

Simply put, no Antivirus system can detect a virus in a PGP-encrypted file. A file must be decrypted before being scanned for a virus.

For PGP files that are being “passed through” Axway SecureTransport without being decrypted, the best option is to skip scanning them so as not to waste system resources. To skip scanning, adjust the “Ignored File Types” parameter in the Scan Filters of ICAP Settings by adding the pgp and asc file type extensions.

When Axway SecureTransport receives an unencrypted file and must PGP-encrypt it before delivery (OUTBOUND), whether it is pushed to an endpoint or downloaded by a partner, the file can be virus-scanned on the INBOUND side, when it is received and before the PGP encryption step. Incoming file transfers are file uploads, AdHoc message creation, and server-initiated pulls (for example, from a Transfer Site or Folder Monitor).

One easy way to accomplish this is to set the ICAP Server Type to BOTH and the Ignored File Types to “pgp,asc” in the ICAP Server Settings. The file is then scanned only on the INBOUND side, because on that side the file name won’t have a pgp or asc extension.

For the reverse case, where Axway SecureTransport receives a PGP-encrypted file and must decrypt it before the AV scan and delivery, the required ICAP Server Settings are the same, but the file is now scanned only on the OUTBOUND side, since after the PGP Decrypt step the file name shouldn’t have the asc or pgp extension.

The last scenario is when the incoming PGP-encrypted file must be decrypted for AV scanning and then re-encrypted for delivery to the final endpoint. This can be done but requires two routes in SecureTransport. The following diagram shows one approach to doing this.

Note that the ICAP Server Type is set to INBOUND and the Ignored File Types is set to “pgp,asc”.

The net effect is that the file is scanned for viruses only AFTER the first route PGP-decrypts the file and routes it to the inbound subscription folder of the second route. This avoids redundant scanning of the file.
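
The three scenarios above can be checked with a small model of the scan decision. This is an added illustration, not Axway code or part of the original article; the function names, the constructed file names, the case-insensitive match on the last extension, and the way the hand-off between the two routes is classified are assumptions.

```python
# Added illustration, not Axway code: a model of the scan decision the article
# describes. Matching on the last extension, case-insensitively, is an
# assumption; all file names are constructed.

def is_ignored(filename, ignored_types):
    """True if the file's last extension is in the comma-separated ignore list."""
    ignored = {t.strip().lower() for t in ignored_types.split(",") if t.strip()}
    _, dot, ext = filename.rpartition(".")
    return bool(dot) and ext.lower() in ignored

def scan_points(server_type, ignored_types, legs):
    """Return the (direction, filename) legs that would be sent to the ICAP server."""
    return [
        (direction, name)
        for direction, name in legs
        if server_type in ("BOTH", direction) and not is_ignored(name, ignored_types)
    ]

IGNORED = "pgp,asc"

# Scenario 1: clear file received, PGP-encrypted for delivery.
ENCRYPT_ON_DELIVERY = [("INBOUND", "report.csv"), ("OUTBOUND", "report.csv.pgp")]
# Scenario 2: PGP file received, decrypted before delivery.
DECRYPT_ON_RECEIPT = [("INBOUND", "report.csv.pgp"), ("OUTBOUND", "report.csv")]
# Scenario 3: two routes. Modelling the hand-off as route one OUTBOUND followed
# by route two INBOUND is an assumption about how the transfer is classified.
TWO_ROUTES = [
    ("INBOUND", "report.csv.pgp"),   # route 1 receives the encrypted file
    ("OUTBOUND", "report.csv"),      # route 1 hands off the decrypted file
    ("INBOUND", "report.csv"),       # route 2 subscription folder receives it
    ("OUTBOUND", "report.csv.pgp"),  # route 2 delivers the re-encrypted file
]

if __name__ == "__main__":
    for label, legs, server_type in [
        ("encrypt on delivery", ENCRYPT_ON_DELIVERY, "BOTH"),
        ("decrypt on receipt", DECRYPT_ON_RECEIPT, "BOTH"),
        ("two routes", TWO_ROUTES, "INBOUND"),
        ("two routes, redundant", TWO_ROUTES, "BOTH"),
    ]:
        print(label, server_type, scan_points(server_type, IGNORED, legs))
    # An encrypted file named outside the ignore list is still sent for scanning.
    print(scan_points("BOTH", IGNORED, [("INBOUND", "report.csv.gpg")]))
```

Because the filter in this model keys on the file name, an encrypted file whose extension is not in the list (the constructed report.csv.gpg) is still sent to the scanner, which cannot inspect its contents.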

In conclusion, Axway SecureTransport provides highly configurable and powerful AV and DLP scanning capabilities when paired with an ICAP compatible third-party AV/DLP solution.

This will allow you to identify and eliminate viruses before they can compromise your systems and to identify and prevent sensitive information from leaving your company walls, helping to secure your company’s – and your customers’ – data and reputation.

