Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure ClamAV Virus Scanning


Before configuring ClamAV virus scanning, activate the Virus Scanner service. For more information, see How to Enable the Virus Scanner.

To configure ClamAV virus scanning, you can define settings for the following features:

  • Archive Scanning – Define the settings for scanning compressed archives.
  • Malware Detection – In addition to viruses, ClamAV can also detect malware, spyware, or bandwidth wasters. Specify which of these threats the engine should scan for.
  • Engine-Specific Options – Specify scanning, phishing detection, and data loss prevention settings for ClamAV.
  • HTTP Multimedia Streaming – Because the Virus Scanner service downloads an entire file before scanning and delivering it, some audio or video streams cannot be accessed. To enable content streaming, disable virus scanning for specific DNS domains.

Archive Scanning

  1. From the Config Tree, open the Virus Scanner Settings page (Virtual Servers > your virtual server > Assigned Services > Virus-Scanner).
  2. From the Configuration menu in the left navigation pane, click Archive Scanning.
  3. Click Lock.
  4. In the ClamAV Archive Scanning section, define the following archive scanning settings:

    • Scan Archives – Enables or disables the archive scan.
    • Max. Scan Size (MB) – The maximum amount of data to be scanned for each file. Specifying a maximum size prevents the virus scanner from being overloaded. Archive and other container files are recursively added and scanned up to this value.

      If a maximum scan size is not entered or the limit is set too high, this may result in severe damage to the system.

    • Max. File Size (MB) – The maximum size for files to be scanned. Files that exceed this limit will not be scanned. If a limit is not required, enter 0 (zero).
    • Max. Nesting Depth – The maximum nesting level for the archives. If a limit is not required, enter 0 (zero).
    • Max. File Count – The maximum number of files that can be stored in an archive. If a limit is not required, enter 0 (zero).
    • Block Encrypted Archives – To block encrypted archives, select yes.

      If the archive contains file types like .zip, .rar, .exe, .iso, .tar, .tgz, .cab, .msi, .btn, etc., it is possible that one of these files is encrypted (virus scanner message: Encrypted archives are blocked). In this case, the virus scanner will block the whole archive. To disable blocking of encrypted archives, select no.

  5. Click Send Changes and Activate.
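
How the archive scanning settings in step 4 bound the work a nested or oversized archive can cause, as an added Python example (not Barracuda or ClamAV code). The limit values, the treatment of depth 1 as the top-level archive, the result labels, and the helper names `make_zip` and `check_archive` are assumptions made for illustration.

```python
import io
import zipfile

MB = 1024 * 1024
# Hypothetical values for the settings described above; 0 means "no limit".
LIMITS = {"max_scan_mb": 1, "max_file_mb": 1, "max_depth": 2,
          "max_files": 5, "block_encrypted": True}

def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def check_archive(data, limits, depth=1, state=None):
    """Walk a ZIP recursively and return (result, reason) against the limits."""
    state = state if state is not None else {"bytes": 0, "files": 0}
    if limits["max_depth"] and depth > limits["max_depth"]:
        return "limit", "nesting depth"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if limits["block_encrypted"] and info.flag_bits & 0x1:
                return "encrypted", info.filename
            state["files"] += 1
            if limits["max_files"] and state["files"] > limits["max_files"]:
                return "limit", "file count"
            if limits["max_file_mb"] and info.file_size > limits["max_file_mb"] * MB:
                continue  # oversized member: not scanned, so not counted
            # Declared sizes accumulate across nested archives (recursive total).
            state["bytes"] += info.file_size
            if limits["max_scan_mb"] and state["bytes"] > limits["max_scan_mb"] * MB:
                return "limit", "scan size"
            if info.filename.lower().endswith(".zip"):
                result = check_archive(zf.read(info), limits, depth + 1, state)
                if result[0] != "ok":
                    return result
    return "ok", "within limits"

if __name__ == "__main__":
    nested = make_zip({"l2.zip": make_zip({"l3.zip": make_zip({"a.txt": b"A"})})})
    print(check_archive(nested, LIMITS))
    big = make_zip({"a.bin": b"\0" * (600 * 1024), "b.bin": b"\0" * (600 * 1024)})
    print(check_archive(big, LIMITS))
```

What happens to a file that hits a limit (block or pass unscanned) is a policy decision outside this sketch; the page only states that files above Max. File Size are not scanned.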

Malware Detection

  1. Open the Virus Scanner Settings page (Virtual Servers > your virtual server > Assigned Services > Virus-Scanner).
  2. In the left menu, click Malware Coverage.
  3. Click Lock.
  4. In the ClamAV Possibly Unwanted Applications (PUA) section, specify the types of malware that the engine should scan for.
  5. Click Send Changes and Activate.

Engine-Specific Options

  1. Open the Virus Scanner Settings page (Virtual Servers > your virtual server > Assigned Services > Virus-Scanner).
  2. In the left menu, click Engine Specifics.
  3. Click Lock.
  4. In the ClamAV Misc. Scanning Options section, specify the types of files that should be scanned. You can also enable heuristic and HTML scanning.
  5. In the ClamAV Phishing Protection section, specify the following settings to detect phishing attacks:
    • Use Phishing Signatures – To enable signature-based phishing detection, select yes.
    • Always block SSL Mismatch – To block SSL mismatches in URLs (even if a URL is not in the database), select yes.
    • Always Block Cloak – To block all cloaked URLs (even if a URL is not in the database), select yes.
  6. In the ClamAV Data Loss Prevention (DLP) section, specify the following settings to detect possible private data theft:
    • Min. Credit Card Count – The minimum number of credit card numbers that can be stored in a file before the file is detected.
    • SSN Format – To enable the DLP module to scan for valid social security numbers, select yes.
    • Min. SSN Count – The minimum number of social security numbers that can be stored in a file before the file is detected.
  7. Click Send Changes and Activate.
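
How the DLP count thresholds in step 6 behave on a file, as an added Python example (not Barracuda or ClamAV code). It assumes that card numbers are validated with the Luhn checksum, that a "valid" SSN is one with a non-reserved area, group and serial, and that a file is detected once the count reaches the configured minimum; the sample text and function names are constructed for illustration.

```python
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

# Constructed sample: three Luhn-valid test card numbers, one invalid number,
# one structurally valid SSN and one with a reserved area (000).
SAMPLE = """order 1001 card 4111 1111 1111 1111
order 1002 card 5555-5555-5555-4444
order 1003 card 4012888888881881
tracking 4111111111111112
employee 123-45-6789, badge 000-12-3456
"""

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def count_cards(text):
    """Count digit runs of card length that pass the Luhn check."""
    found = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return sum(1 for d in found if 13 <= len(d) <= 19 and luhn_ok(d))

def count_ssns(text):
    """Count NNN-NN-NNNN strings whose parts are not reserved values."""
    return sum(1 for area, group, serial in SSN_RE.findall(text)
               if area not in ("000", "666") and area[0] != "9"
               and group != "00" and serial != "0000")

def dlp_hits(text, min_cards, min_ssns, scan_ssn=True):
    """Return the reasons a file would be detected under the thresholds."""
    hits = []
    cards = count_cards(text)
    if cards >= min_cards:
        hits.append("credit cards: %d" % cards)
    ssns = count_ssns(text) if scan_ssn else 0
    if scan_ssn and ssns >= min_ssns:
        hits.append("SSNs: %d" % ssns)
    return hits

if __name__ == "__main__":
    print(dlp_hits(SAMPLE, min_cards=3, min_ssns=2))
```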

HTTP Multimedia Streaming

  1. Open the Virus Scanner Settings page (Virtual Servers > your virtual server > Assigned Services > Virus-Scanner).
  2. In the left menu, click Content Scanning.
  3. Click Lock.
  4. In the Scan Exceptions table, add an entry for each DNS domain that should not be scanned.
    • Enter a name for the entry and click OK.
    • In the Allowed MIME types table, add an entry for each MIME type that should not be scanned.

      To determine the MIME type for a file, enable the debug log and check the cas log files.

      To enable the debug log, go to the Virus Scanner Settings - Basic Setup page. In the Debug Log Level field, enter 1.

    • In the Domain field, enter the domain name.
  5. Click Send Changes and Activate.