To configure ClamAV virus scanning, you can define settings for the following features:
- Archive Scanning – Define the settings for compressed scanning archives.
- Malware Detection – In addition to viruses, ClamAV can also detect malware, spyware, or bandwidth wasters. Specify which of these threats that the engine should scan for.
- Engine-Specific Options – Specify scanning, phishing detection, and data loss prevention settings for ClamAV.
- HTTP Multimedia Streaming – Because the Virus Scanner service downloads an entire file before scanning and delivering it, some audio or video streams cannot be accessed. To enable content streaming, disable virus scanning for specific DNS domains.
Before You Begin
Before configuring ClamAV virus scanning, activate the Virus Scanner service. For more information, see How to Enable the Virus Scanner.
Configure Archive Scanning
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Virus-Scanner > Virus Scanner Settings.
- In the left menu, select ClamAV.
- Click Lock.
- Set Scan Archives to yes to enable the archive scan.
- In the ClamAV Archive Scanning section, define the following archive scanning settings:
Max. Scan Size (MB) – The maximum amount of data to be scanned for each file. Specifying a maximum size prevents the virus scanner from being overloaded. Archive and other container files are recursively added and scanned up to this value.
- Max. File Size (MB) – The maximum size for files to be scanned. Files that exceed this limit will not be scanned. If a limit is not required, enter 0 (zero).
- Max. Nesting Depth – The maximum nesting level for the archives. If a limit is not required, enter 0 (zero).
- Max. File Count – The maximum number of files that can be stored in an archive. If a limit is not required, enter 0 (zero).
Block Encrypted Archives – To block encrypted archives, select yes.
In the ClamAV Possibly Unwanted Applications (PUA) section, specify the types of malware that the engine should scan for.
- In the ClamAV Misc. Scanning Options section, specify the types of files that should be scanned. You can also enable heuristic and HTML scanning.
- In the ClamAV Email Scanning section, select whether or not to scan URLs found in mails.
- In the ClamAV Phishing Protection section, specify the following settings to detect phishing attacks:
- Use Phishing Signatures – To enable signature based phishing detection, select yes.
- Always block SSL Mismatch – To block SSL mismatches in URLs (even if a URL is not in the database), select yes.
- Always Block Cloak – To block all cloaked URLs (even if a URL is not in the database), select yes.
- In the ClamAV Data Loss Prevention (DLP) section, specify the following settings to detect possible private data theft:
- Min. Credit Card Count – The minimum amount of credit card numbers that can be stored in a file before the file is detected.
- SSN Format – To enable the DLP module to scan for valid social security numbers, select yes.
- Min. SSN Count – The minimum amount of social security numbers that can be stored in a file before the file is detected.
- Click Send Changes and Activate.
Configure HTTP Multimedia Streaming
To enable content streaming, disable virus scanning for specific DNS domains.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Virus-Scanner > Virus Scanner Settings.
- In the left menu, select Content Scanning.
- Click Lock.
- In the Scan Exceptions table, add an entry for each DNS domain that should not be scanned.
- Enter a name for the entry and click OK.
In the Allowed MIME types table, add an entry for each MIME type that should not be scanned.
- In the Domain field, enter the domain name.
- Click Send Changes and Activate.