The anti-malware filtering process is rule-based like all processes that run on Web Gateway to ensure web security.
The anti-malware filtering rules are usually contained in one rule set. They include a blocking rule that blocks access to infected objects. Other rules in this process whitelist objects to exclude them from anti-malware filtering.
Whitelisting is implemented to ensure that the users of your network can access particular objects that are not considered a risk to web security. The blocking rule of the default anti-malware filtering process on Web Gateway is executed if a web object that a user tries to access is found to be infected by a virus or other malware. To find out about an infection, the object is scanned.
The scanning is handled by the Anti-Malware module on Web Gateway. The module is called when the blocking rule is processed. It calls one or several anti-malware engines in turn, which perform the scanning.