How bypass content scanning for streaming content works on Sophos UTM

  • Article ID: 115656
  • Rating:
  • 19 customers rated this article 1.8 out of 6
  • Updated: 27 Feb 2014

This article describes how 'bypass content scanning for streaming content' works on Sophos UTM, i.e. if you check the option box 'bypass content scanning for streaming content' of the HTTP/S proxy

Details

The check-box Web Protection | Filtering Options | Misc in the 'Streaming settings' area 'Bypass content scanning for streaming content' is enabled by default. 

The Sophos HTTP/S proxy is designed to download the content for a requested URL in its entirety. i.e. from the first to the last byte of data. After having received the last byte of data, the content scanning process is started (virus scanning, ActiveX/Java/JavaScript removal). If the data is "clean", it is passed to the client (i.e. the requesting webbrowser). 

This architectural design ensures that all data is scanned by the virus engines and the client does not receive one byte of data until the proxy is sure that there is no unwanted content. However, for "streaming content" like web radio, online TV, YouTube videos, ... this can be a problem, because such streaming content typically needs a very long time from start to finish, or even does not end at all. In these cases, the proxy would need much time or even "forever" to download the data. The user would not be able to see/listen to the video/audio stream.

If the check-box 'bypass content scanning for streaming content' is checked, the HTTP/S proxy will skip the content scanning of the downloaded data if the web server tells the proxy that the data one of the following MIME types: 

0 audio/*
1 video/*
2 application/x-flash
3 application/flash
4 application/x-shockwave
5 application/shockwave
6 application/pn-real
7 application/x-pn-real
8 application/real
9 application/x-real
10 application/vnd.ms.wms-hdr.asfv1
11 application/mpeg
12 application/audio
13 application/video
14 application/sound
15 application/x-audio
16 application/x-video
17 application/x-mpeg
18 application/x-sound
19 application/quicktime
20 application/x-quicktime
21 application/mms
22 application/x-mms
23 application/x-mms-framed
24 application/x-rtsp-tunnelled
25 application/x-shockwave-flash
26 flv-application/octet-stream
27 application/x-silverlight-app 

This means the proxy will transfer each chunk of downloaded data from the web server immediately to the client (the browser), instead of collecting all chunks of data until the "end" of the stream is reached. This ensures that the streaming content is delivered without interruption to the client. Of course, the data is not scanned by the virus scanners in these cases.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments