Talked with support and they sent me the instructions on upgrading to 7.1.6.
I replaced the Gateway Antimalware ruleset with the one from the library. And Skip on Streaming Media is there.
Should I leave Gateway Antimalware at the bottom of my rule sets?
Also, the old rule set had the rule "Allow Streaming Media From List Antimalware Media Type Whitelist" enabled. Should this be re-enabled?
Can you explain the Streaming media, with probability 70%?
Sounds good. You should leave the Gateway Antimalware close to the bottom of the policy. It will keep MWG from scanning files that have already been blocked by earlier filters, which is vital for performance reasons. I do not think you will need the old rule again, since the streaming detector will do the stream detection for you.
The streaming detector uses various pieces of information such as URL, category, media type sent by the server and the first bytes of data coming back to decide whether a downloaded file is a stream or not. Each criterion it checks allows it to do a "weighting", for example if the URL is in category "Streaming Media" we assume the file is a stream with let's say 90%. If we then find the file is a text file, the probability will reduce to let's say 50% (the values are just examples). It works similarly to spam detection, where you combine multiple criteria such as sender host, subject, region, header, etc. to a probability.
This is just a pretty basic overview. Do you have any more specific questions in regards to the streaming detector?
And the most important question, is the stream working that was not going through before?
The old rule "Allow Streaming Media From List Antimalware Media Type Whitelist" isn't necessary anymore - it used an explicit list of "popular" sites to prevent AV from getting stuck in stream processing.
It's recommended (but not required) to keep Gateway Antimalware at the bottom, because AV scanning is a "heavyweight" operation, and if more "lightweight" conditions (like URL Category checking, etc.) could block the request or response before AV, then the performance of your system will be better.
Regarding probability - the Streaming Detector filter uses a set of heuristics to calculate the probability that the current response is a stream. Different streams are detected slightly differently, but usually detection is in the range 70-100%. Streaming Detector implements a boolean property with values true/false, so you need to specify a configuration for the filter that sets the "minimal probability": if the calculated value of probability is higher than this value, then the filter will return "true", and will return "false" otherwise.
That's fine! Thank you for sharing this information. If you find some URL that doesn't work once again, please report it to us - we'll try to find what's happening.
Yes, Streaming Detector is a real cool thing and works fine. 🙂
In some cases some streams are also not working because there is a problem with chunked encoding. Just add a rule where you can add a workaround as an event. There you can define the workaround when a player does not support chunked encoding.
Thorsten
Message edited by Troja on 14.03.12 09:22:50 CET
It has been a while since this discussion was started. For certain reasons I was looking for the appropriate ruleset "Skip on Streaming Media" in the library, but did not find it. I was also searching for anything in that direction, also without success. Is Streaming Detector still available in the manner described before?
Release is 126.96.36.199.
The "Skip on Streaming Media" rule set checks some criteria such as category and/or media type to decide whether the transferred file is a stream and therefore should skip the AV engine in order to play. The "Streaming Detector" eliminates the need for such a rule set, since the Streaming Detector uses category, media type + a couple of other parameters to validate if a file is a stream.
So basically in older versions of MWG without Streaming Detector you need some static rules which help with streams; in more recent versions the Streaming Detector performs those steps automatically. The easiest thing is to disable the Gateway Antimalware rule set you currently have and import it again from the in-product library. It contains the latest rules to ensure proper stream detection and malware protection.
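
The weighting and "minimal probability" behaviour described in this thread, sketched as an added example that is not part of the original posts and is not MWG's actual algorithm. The likelihood ratios, the blocked category name and all function names are constructed assumptions, chosen so the numbers match the 90% and 50% figures quoted above.

```python
import math

# Constructed likelihood ratios (assumptions for illustration only). They are
# chosen so the results match the thread: category alone -> 90%, category plus
# a text media type -> 50%.
EVIDENCE_LR = {
    "category_streaming_media": 9.0,  # URL is in category "Streaming Media"
    "media_type_text": 1.0 / 9.0,     # server declares a text file
    "media_type_video": 4.0,          # server declares a video type
}
BLOCKED_CATEGORIES = {"Malicious Sites"}  # hypothetical URL filter list


def stream_probability(evidence, prior=0.5):
    """Combine independent criteria in log-odds space, as spam filters do."""
    log_odds = math.log(prior / (1.0 - prior))
    for name in evidence:
        log_odds += math.log(EVIDENCE_LR[name])
    return 1.0 / (1.0 + math.exp(-log_odds))


def is_stream(evidence, minimal_probability=0.70):
    """Boolean property: true only if the probability exceeds the minimum."""
    return stream_probability(evidence) > minimal_probability


def evaluate(request, minimal_probability=0.70):
    """Rule order from the thread: cheap filters first, AV scanning last."""
    if request["category"] in BLOCKED_CATEGORIES:
        return "blocked-by-url-filter"  # the heavyweight AV scan never runs
    if is_stream(request["evidence"], minimal_probability):
        return "skip-av"                # stream is passed on without AV
    return "av-scan"                    # everything else is scanned


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        {"category": "Streaming Media",
         "evidence": ["category_streaming_media"]},
        {"category": "Streaming Media",
         "evidence": ["category_streaming_media", "media_type_text"]},
        {"category": "Malicious Sites", "evidence": ["media_type_video"]},
    ]
    for s in samples:
        print(s["category"], round(stream_probability(s["evidence"]), 2),
              evaluate(s))
```

In this model, lowering the minimal probability lets more responses take the "skip-av" path, so the threshold is a trade-off between stream playback and scan coverage.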