Skipping Certain MIME Content Types

The process of scanning certain MIME content can prevent the normal display or arrival of the content to the requesting client. For example, checking streamed content such as RealAudio for Internet threats can disrupt delivery to the media player. To scan such files, IWSVA must download the entire stream, scan it, and then deliver the whole file to the requesting user—the player may be unable to handle the file as a whole.

To prevent IWSVA from scanning certain MIME types:

1. Open the IWSVA console and in the navigation menu click HTTP > Advanced Threat Protection > Policies and then from the list, choose the policy you want to modify.

2. Open the Virus Scan Rule tab and go to the Scan These Files Types (if not blocked) section.

3. In the MIME content-type to skip list,check the check box for the MIME content type files that users may receive without scanning.
   - To represent an entire class of MIME, check the box for the type. For example: image, audio, video, or other
   - To represent a MIME sub-class, enter the class and type. Example: application/pdf
   - By default, IWSVA skips some file types when virus scanning to improve performance and user experience with streaming audio and video applications. To change the default scanning behavior and enable scanning of these MIME file types, simply remove the MIME file type to be scanned from the "MIME content type to skip" exceptions list. For the list of file skipped by default, click HERE >>

   • application/vnd.rn-realmedia

   • audio/wav

   • audio/x-wav

   • audio/Microsoft-wave

   • audio/mpeg

   • audio/x-mpeg

   • audio/mid

   • image/gif

   • image/jpeg

   • image/png

   • image/x-xbitmap

   • image/x-icon

   • image/vnd.microsoft.icon

   • video/avi

   • video/mpeg

   • video/quicktime

   • video/x-ms-asf

   • video/x-ms-wmv

   • video/x-msvideo

    

4. Click the Enable MIME type validation check box to enable the true file type validation of MIME content type files. Enabling validation performs a true-file-type check on the MIME stream. However, not all MIME types can be accurately detected. If false positives occur, disable the MIME type validation and content-type validation will occur.

• Note: You should evaluate the risk of disabling the scanning versus leaving scanning enabled before making the change to the default scanning policies.

5.  Click Save to update the configuration file.

Notes:

• MIME designations can be forged. IWSVA will check the true file type to protect against forged MIME types if you check the Enable MIME type validation check box.

• When specifying MIME content-types to skip in the Other: field, enter a top-level media type followed by a slash to exclude the entire class from scanning.

• Separate multiple values with a space.

• Enter a top-level media type followed by a subtype to exclude that individual content from being scanned

• To shorten the virus scanning time, you may copy the MIME Content-types and paste them into the MIME content-type to skip Other: field.

See also:

• MIME types

• Streaming media

• HTTP Virus Scan Rule

• FTP Virus Scan Rule