If you have purchased and enabled the Gateway AntiVirus feature, you can specify the actions the Firebox takes if a virus is found in a website or when the device cannot scan a website.
- To use the proxy definition screens to activate Gateway AntiVirus, see Activate Gateway AntiVirus from Proxy Definitions.
- To use the Tasks menu in Policy Manager to activate Gateway AntiVirus, see Activate Gateway AntiVirus with a Wizard from Policy Manager.
- To configure Gateway AntiVirus for the HTTP-proxy, see Configure Gateway AntiVirus Actions.
When you enable Gateway AntiVirus, you must set the actions to take if a virus or error is found in a web page.
The options for antivirus actions are:
Allows the packet to go to the recipient, even if the content contains a virus.
Drops the packet and drops the connection. No information is sent to the source of the message.
Blocks the packet, and adds the IP address of the sender to the Blocked Sites list.
Gateway AntiVirus scans each file up to the kilobyte count you specify. Any additional bytes in the file are not scanned. This allows the proxy to partially scan very large files without a large effect on performance.
For information about the default and maximum scan limits for each Firebox model, see About Gateway AntiVirus Scan Limits.
To specify the antivirus actions:
- In the Categories tree, select AntiVirus.
The AntiVirus page appears.
- From the When a virus is detected drop-down list, select an action: Allow, Drop, Block.
- From the When a scan error occurs drop-down list, select an action: Allow, Drop, Block.
- For each action, to send an alarm message when the action you specified occurs, select the Alarm check box.
- For each action, to send a log message when the action you specified occurs, select the Log check box.
- In the Limit scanning to firsttext box, type or select the file scan limit in kilobytes.
- Click OK.