Virus scanning is enabled on a per-URL basis. It should only be enabled for URLs that allow file uploads because virus checking is a performance intensive task.
Enable Antivirus for File Uploads
- Go to the BOT MITIGATION > Bot Mitigation page, Bot Mitigation Policy section.
- Identify the policy for which you want to enable virus scan, and select Edit from the drop-down list under Options.
- On the Edit URL Policy page, scroll down to the File Upload Protection section and do the following:
- Set Enable Virus Scan to Yes.
- Set Enable BATP Scan to Yes (if required). For information about BATP, see Integration with the Barracuda Advanced Threat Protection.
- Click Save.
When Virus Scan is enabled for a service, all requests passing through the Barracuda Web Application Firewall for that service are scanned for viruses, and any traffic containing viruses is blocked.
Antivirus Details
The Barracuda Web Application Firewall uses the Clam AV integrated antivirus engine to scan files for embedded viruses and malware. Barracuda Networks does its own research to create the AV signatures and push them out to all units with active Energize Updates subscriptions. The Barracuda Web Application Firewall Antivirus engine supports all file types the Clam AV engine supports. Integration with the antivirus engine uses streaming, so chunks of data are sent to the AV engine as they are received. Once the AV engine returns scanned data, the data is pushed to the backend server.
The file size limitation for Antivirus scanning is currently set to 25 Mb, set in the Clam engine so it knows what file size it should expect. Barracuda Networks Technical Support can change the file size limit; however, customers do not have access to this configuration setting. The Clam engine rejects the connection request for files that are too large. Files larger than the configured limit result in a log entry indicating the scan failed because the file size was too large.