Configure Gateway AntiVirus Actions

When you enable Gateway AntiVirus for a proxy policy, you set the actions to be taken if a virus is found or a file cannot be scanned in an:

  • Email message (SMTP, IMAP, or POP3 proxies)
  • Web page download or upload post (HTTP, TCP-UDP, or Explicit proxy)
  • Uploaded or downloaded file (FTP proxy)

Gateway AntiVirus default and maximum scan size limits are set based on the hardware capabilities of each Firebox model. Minimum scan size for all models is 1 MB. Gateway AntiVirus does not scan files larger than the scan limit you set.

The default and maximum scan size limits changed in Fireware v12.0.1. When you upgrade Fireware OS, the Gateway AntiVirus Scan size limit does not automatically change to the new default. We recommend that you update the Scan size limit to the default value for your Firebox model. For more information, go to About Gateway AntiVirus Scan Limits.

You can configure Gateway AntiVirus to take these actions when it identifies a virus or when a scan error occurs:

Gateway AntiVirus actions occur only when a rule in the proxy action is configured with the AV Scan action. For information about how to configure Gateway AntiVirus in rules in a proxy action, go to Enable Gateway AntiVirus in a Proxy Policy.

Configure Gateway AntiVirus Actions for a Proxy

For each proxy action, you can enable Gateway AntiVirus and you can select the actions to take when a virus is detected and when a scan error occurs. Scan errors occur when the process fails or Gateway AntiVirus cannot scan an attachment, such as binhex-encoded messages, certain encrypted files, or password-protected ZIP files. When you set this to Allow, Gateway AntiVirus allows files to pass through the firewall.

When you enable Gateway AntiVirus for a proxy action, this automatically changes the action for rules in the proxy action from Allow to AV Scan.

You can configure the Gateway AntiVirus actions for a proxy in the Gateway AntiVirus settings in the proxy action. Or you can edit the proxy action settings in the Gateway AntiVirus settings. The procedure in this topic uses the second method.

If you enable DLP and Gateway AntiVirus for the same proxy action, the larger configured scan limit is used for both services.

For the HTTP proxy (and the Explicit and TCP-UDP proxies), the General Gateway AntiVirus settings only apply when AV Scan is selected in the Action drop-down lists on the URL Paths, Content Types, and Body Content Types rules for the policy.

You can configure an HTTP proxy to scan objects based on content types and body content types. For more information, go to Optimize Gateway AntiVirus.

By default, when you enable Gateway AntiVirus for a proxy policy from the Gateway AntiVirus configuration, the default action for content that does not match a proxy rule is automatically set to AV Scan. You can improve Gateway AntiVirus performance if you change the default action for HTTP content that does not match a configured proxy rule. For more information, go to Configure Gateway AntiVirus Actions for HTTP Content.

When you enable Gateway AntiVirus in a proxy action, a warning message appears in the Gateway AntiVirus settings if automatic updates are disabled for Gateway AntiVirus signatures. To configure automatic updates, go to Configure the Gateway AntiVirus Update Server.

Related Topics

Update Gateway AntiVirus Settings

Optimize and Troubleshoot Gateway AntiVirus