Gateway AntiVirus scans each file up to a specified kilobyte count. Any additional bytes in the file are not scanned. This allows the proxy to partially scan very large files without a large effect on performance. The minimum Gateway AntiVirus scan limit is 10 KB for all XTM devices. The default and maximum scan limits vary by XTM device model. The default scan limit for most Firebox and XTM devices is 1024 KB. Firebox T10 and XTM 2 Series have a default of 512 KB.
Most malware is delivered in files smaller than 1 MB in size. Larger files are less likely to spread quickly in a viral manner. We recommend that you use the default scan limit setting. If you increase the scan limit, Gateway AntiVirus scans larger files (or partial files), but it could result in fewer concurrent connections through the appliance, because the available memory is constant. If you decrease the scan limit, we recommend that you do not set it to a value lower than 256 KB.
If you enable DLP and Gateway AV for the same proxy action, the larger configured scan limit is used for both services.
For information about how to set the scan limit, see Configure Gateway AntiVirus Actions.