If you have purchased the Gateway AntiVirus feature, the options in the AntiVirus category set the actions necessary if a virus is found in an email message. It also sets actions for when an email message contains an attachment that the SMTP-proxy cannot scan.
- To use the proxy action settings to activate Gateway AntiVirus, go to Enable Gateway AntiVirus in a Proxy Policy.
- To use the Subscription Services menu to activate Gateway AntiVirus, go toEnable Gateway AntiVirus with a Wizard.
In the Gateway AV settings in the proxy action, you can select the Enable Gateway AntiVirus check box to automatically change the action for all rules in the proxy action from Allow to AV Scan.
In the Gateway AV settings in the proxy action, you can set these actions to take if a virus is detected or if a file cannot be scanned.
Allow
Allows the packet to go to the recipient, even if the content contains a virus.
Lock
Locks the attachment. This is a good option for files that cannot be scanned by the SMTP-proxy. A file that is locked cannot be opened easily by the user. Only the administrator can unlock the file. The administrator can use a different antivirus tool to scan the file and examine the content of the attachment. For information about how to unlock a file locked by Gateway AntiVirus, go to Unlock a File Locked by Gateway AntiVirus.
Quarantine
When you use the SMTP proxy with the spamBlocker security subscription, you can send email messages with viruses or possible viruses to the Quarantine Server. For more information on the Quarantine Server, go to About the Quarantine Server. For information on how to set up Gateway AntiVirus to work with the Quarantine Server, go to Configure Gateway AntiVirus to Quarantine Email.
Remove
Removes the attachment and allows the message through to the recipient.
Deny
Denies delivery of the email. The Firebox sends an SMTP 554 Transaction Failed response to the source of the message with the reason the email was denied. The deny reason can be Virus Detected, APT Threat Detected, DLP Violation Detected, DLP Error, Unscannable Object, or DLP Error Encountered.
The Deny action is supported for the SMTP-proxy in Fireware OS v12.2.1 and higher.
Drop
Drops the packet and drops the connection. No information is sent to the source of the message.
Block
Blocks the packet, and adds the IP address of the sender to the Blocked Sites list.
If you set the configuration to allow attachments, your configuration is less secure.
You can also configure the Scan size limit. Gateway AntiVirus does not scan files that are larger than the configured scan size limit.
The default and maximum scan size limits changed in Fireware v12.0.1. When you upgrade Fireware OS, the Gateway AntiVirus Scan size limit does not automatically change to the new default. We recommend that you update the Scan size limit to the default value for your Firebox model. For more information, go to About Gateway AntiVirus Scan Limits.
For more information about how to configure the Gateway AntiVirus actions and scan size limit go to Configure Gateway AntiVirus Actions.