APM Antivirus (EPSEC/OPSWAT) checking
Hi all,
First post, long-time crawler.
We are currently doing a proof of concept using the built-in APM client-side antivirus checking (EPSEC/OPSWAT) for compliance. I've got everything set up and working as I would expect, but there's one thing I can't quite figure out. We are specifying the antivirus age to be no older than 7 days and are not seeing any resultant session variables set that would indicate database ages out of compliance.
Does this function look at the session.check_av.last.item_x.db_time variable? If so, I don't understand the value that is set for this variable (i.e., a Kaspersky database dated Apr 20, 2014 gives db_time=1405626209, SEP database dated Jul 17, 2014 gives db_time=1405569600). The end result for both AV checks is check_av.last.result=1, check_av.last.state=1, and check_av.last.error=0, which is a PASS/SUCCESS.
If anyone can even shed light on the db_time variable value, then I can just write an iRule and set a custom flag for database age myself. That said, I know that would require the db_time to be consistent across all AV platforms.
Thanks for any help that can be provided on this.
James
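
An added example, not part of the original post: it decodes the two db_time values quoted above and applies the 7-day rule to them. It assumes db_time holds Unix epoch seconds (the post does not confirm this); the function names and the reference time are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=7)  # threshold stated in the post

# db_time values and definition dates quoted in the post.
SAMPLES = {
    "Kaspersky": ("1405626209", "2014-04-20"),
    "SEP": ("1405569600", "2014-07-17"),
}

# Constructed evaluation time (not from the post).
CONSTRUCTED_NOW = datetime(2014, 7, 18, 12, 0, tzinfo=timezone.utc)


def decode_db_time(raw):
    """Assumption: db_time is Unix epoch seconds. Returns an aware UTC datetime."""
    value = int(raw)  # raises on empty or non-numeric input
    if value <= 0:
        raise ValueError("db_time must be a positive epoch value")
    return datetime.fromtimestamp(value, tz=timezone.utc)


def evaluate(raw, reported_date, now):
    """Check decoded db_time against the 7-day rule and the date the product shows."""
    try:
        decoded = decode_db_time(raw)
    except (TypeError, ValueError, OverflowError, OSError):
        # Fail closed: an unreadable timestamp is treated as out of compliance.
        return {"decoded": None, "age_days": None,
                "compliant": False, "matches_reported": False}
    reported = datetime.strptime(reported_date, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    age = now - decoded
    return {
        "decoded": decoded.isoformat(),
        "age_days": age.days,
        # A timestamp in the future (negative age) is also rejected.
        "compliant": timedelta(0) <= age <= MAX_AGE,
        # True when the decoded value is within a day of the product's own date.
        "matches_reported": abs(decoded - reported) <= timedelta(days=1),
    }


if __name__ == "__main__":
    for product, (raw, reported) in SAMPLES.items():
        print(product, evaluate(raw, reported, CONSTRUCTED_NOW))
```

Under that assumption the SEP value decodes to its stated definition date, while the Kaspersky value decodes to Jul 17, 2014 rather than Apr 20, 2014, so a check built on db_time alone would pass both.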