Publishing OWA via TMG 2010 - AV Scan Inbound HTML

  • Question

  • We are currently using MS ISA 2006 and publish OWA via a web listener. Also we have a 3rd party product (Trend Micro Web Protect) to scan the HTML Traffic (OWA). We are in the process of upgrading to TMG 2010. It is running Stand-alone \ Workgroup in DMZ, not installed on an Edge Server. Its sole purpose is to simply publish OWA only. This is not an SMTP gateway by any means.

    The question is what needs to be done on TMG 2010 to make sure that the HTML traffic (OWA) is scanned for virus(es). Currently I can attach an EICAR file and it will never detect it. I can only find ways of scanning inbound SMTP, not HTML. And inbound\outbound HTML if it is a client. But not for OWA (because they are external and not internal clients using it as a gateway).

    If anybody has done this successfully please respond - Thanks

     


    CM
    Wednesday, July 28, 2010 2:48 PM

All replies

  • Hi CM,

    The Antimalware feature of TMG is indeed for outbound/forward proxy only.

    To my knowledge, you will still need to run a third party AV product for scanning inbound/reverse proxy.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, July 28, 2010 3:47 PM
    Moderator
  • JJ,

    Thanks,

    Then somebody from MS needs to explain why right on the TMG Website for a feature it says this:


    Web antivirus/anti-malware protection-
     Inbound and outbound Web traffic is inspected for viruses and malware,
    including archived folders. Encrypted folders can be blocked. For large files, users are trickled
    the file to assure them the file is being downloaded.

    I can't even enable the Virus \ malware scanner unless I have an email policy in place, which I don't need.


    CM
    Wednesday, July 28, 2010 5:10 PM
  • Can you share the link that has this claim? It will help to verify and correct it.
    Bala Natarajan [MSFT]| Sr. Support Escalation Engineer | CSS Security
    Wednesday, July 28, 2010 6:18 PM
    Answerer
  • Thursday, July 29, 2010 11:44 AM
  • Thanks for the link. I will send feedback to the owner of this page
    Bala Natarajan [MSFT]| Sr. Support Escalation Engineer | CSS Security
    Thursday, July 29, 2010 2:26 PM
    Answerer
  • Bala,

    Can you please make another post when you get the validity of the information on the Web page. And state whether or not MS incorrectly stated a product feature. It would do wonders for my upper management to prove we need to shell out more $ than originally thought to implement the new product....Thanks


    CM
    Thursday, July 29, 2010 2:39 PM
  • There is no need to enable email policy to enable malware inspection. I am not clear on your previous post.

    --------

    I can't even enable the Virus \ malware scanner unless I have an email policy in place, which I don't need.


    CM

    ----------

    I thought you wanted MS to clarify the malware inspection for publishing rules.

    What is the clarification you are expecting from MS?

    1. About HTTP Malware inspection for publishing traffic?

    or

    2. About your observed need to enable email policy to enable malware inspection?

    Thanks

     


    Bala Natarajan [MSFT]| Sr. Support Escalation Engineer | CSS Security
    Friday, July 30, 2010 6:07 AM
    Answerer
  • I need both basically verified because the product is not functioning as proposed via website,

    1) I need to inspect HTTP (s) inbound traffic for OWA (malware\spyware\virus) for published rules

    2) I have only found that the way to enable virus and content filtering is to create an email policy (Email Policy Wizard) \ otherwise they are disabled.


    CM
    Friday, July 30, 2010 4:49 PM
  • See answers inline

    1) I need to inspect HTTP (s) inbound traffic for OWA (malware\spyware\virus) for published rules

    BALA: Malware inspection feature is not available for publishing traffic. If the product team site creates confusion around this, I have notified the respective content team to update the link with a clear statement. (Thanks for the feedback!)

    2) I have only found that the way to enable virus and content filtering is to create an email policy (Email Policy Wizard) \ otherwise they are disabled.

    BALA: From the above line "enable virus and content filtering": in which part of the UI are you trying to do this? If your goal is to provide Malware inspection for forward proxy Web traffic, you will need to enable Malware inspection in the web access policy and also in the access rule (Malware inspection Tab), and your update center should be able to download Signatures from Microsoft Update or from WSUS. To do this, you do not have to enable email policy.

     

     


    Bala Natarajan [MSFT]| Sr. Support Escalation Engineer | CSS Security
    • Proposed as answer by James Kilner Sunday, August 1, 2010 9:01 AM
    • Marked as answer by James Kilner Sunday, August 1, 2010 9:02 AM
    Friday, July 30, 2010 6:52 PM
    Answerer
  • Bala,

    I need to have Malware, Spyware, Antivirus, HTTP(s) inspection, content inspection, etc. for all OWA Traffic which the TMG is publishing. I used to have this with ISA2006 and Trend Micro Interscan web protect.

    Now I do not have this with TMG2010.

    How can I accomplish this?


    CM
    Tuesday, August 3, 2010 7:03 PM