File upload protection incorporates both Advanced Threat Protection (BATP) and Virus Scanning. The Advanced Threat Protection licensing must be enabled for your application before it can be applied here.
Virus Scanning checks files uploaded to your application and if a virus is found, that request is denied before it reaches your server.
About Advanced Threat Protection
Files uploaded to your application might contain advanced threats. Barracuda Advanced Threat Protection (BATP) scans files uploaded to your application to detect such threats.
Enabling Barracuda Advanced Threat Protection will apply an available BATP license to this application. You will then need to enable BATP within the Form Protections. You can apply it to all or just specific URLs in your application where files are uploaded.
The Barracuda Advanced Threat Protection is a cloud-based service that provides in-depth defense against ransomware, malware, and advanced cyber attacks. The Barracuda WAF-as-a-Service integrates with the Barracuda Advanced Threat Protection (BATP) to scan all files uploaded using POST method requests with encoding type multipart/form-data. BATP scans the files with multiple malware scanners that utilize different types of detection techniques to check for anomalies in the uploaded files and provides defense against zero day attacks. When a file is uploaded, Barracuda WAF-as-a-Service processes the request and uploads the file to the server, while the BATP performs the scan and logs the details. To view BATP log for a specific application, navigate to Firewall Logs in the left menu.
BATP processes the following MIME types:
application/pdf
application/msword
application/vnd.ms-powerpoint
application/vnd.ms-excel
application/x-msaccess
application/vnd.openxmlformats-officedocument.presentationml.presentation
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.ms-cab-compressed
application/vnd.microsoft.portable-executable
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/rtf
For additional details, refer to Advanced Threat Protection Configuration in the Barracuda Web Application Firewall documentation.
View Virus Scanning activity
In the Barracuda WAF-as-a-Service web interface, click Applications in the left panel.
On the Applications page, click on the application for which you want to see the virus scanning activity.
Click Logs in the left panel.
On the Logs page, click Filter and do the following:
Filter Name: Enter a unique name for your filter.
Field: Select Log Type.
Condition: Select In.
Value: Select Firewall.
Click Add field.
Field: Select Attack Type.
Condition: Select In.
Value: Select Virus Scan, Virus Found, or both.
Click the Save icon.
The table will now display virus scanning activity related to the selected application.
Enable File Upload Protection
To apply File Upload Protection to all or a portion of your application:
From Application Profiles, add Form Protection to the desired URL.
In the right side panel, find File Upload Protection and click on it.
If you see the notice "'BATP Scan' requires Advanced Threat Protection to be enabled on the application" you can click the link to enable it.
Enable virus scan – Set to Enable. When enabled, files uploaded through multipart/form-data are scanned for known virus signatures. Any request containing a file that matches a virus signature is denied. The maximum file size that can be scanned is 25 MB.
Enable BAPT scan – Set to Enable.