I’ve received today an email from a TMG 2010 user(Martin) about the Malware inspection feature that displays a progress notification to users.
Forefront TMG can send a HTML page to the client informing the user that the requested content is being inspected and displaying an indicator of the download and Malware inspection progress. See this for more details.
According to Martin, Internet Explorer and Firefox were able to make use of this feature.
![cont_delv_ie cont_delv_ie](/blog/image.axd?picture=cont_delv_ie_thumb.png)
![cont_delv_ff cont_delv_ff](/blog/image.axd?picture=cont_delv_ff_thumb.png)
But Opera not:
![cont_delv_opera_def cont_delv_opera_def](/blog/image.axd?picture=cont_delv_opera_def.png)
Thinking a little bit, I wondered if this has something to do with the User-Agent of the browser.
Opera can be configured to use a different User-Agent(as explained here), so I’ve configured Opera(on Windows bellow) to identify as IE.
![cont_delv_opera_cfg_spoof_usr_ag cont_delv_opera_cfg_spoof_usr_ag](/blog/image.axd?picture=cont_delv_opera_cfg_spoof_usr_ag_thumb.png)
Tried again and this time Opera(on Windows) was able to display the Malware Inspection HTML page:
![cont_delv_opera cont_delv_opera](/blog/image.axd?picture=cont_delv_opera_thumb.png)
We can see with Wireshark the difference between the original User-Agent and the modified one:
vs ![cont_delv_opera_wr_spoof_usr_ag cont_delv_opera_wr_spoof_usr_ag](/blog/image.axd?picture=cont_delv_opera_wr_spoof_usr_ag_thumb.png)
The remaining question is how to tweak TMG instead of Opera, as this should be a single change, rather than a change to every browser. Did not figure this yet.
As a side note, the Malware Inspection HTML page seems to be displayed fine on Chrome 4.0.x(on Windows):
![cont_delv_chrome cont_delv_chrome](/blog/image.axd?picture=cont_delv_chrome_thumb.png)