We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Virus Scanning in the Firewall

  • Last updated on
The Barracuda NG Firewall scans incoming traffic for malware on a per access rule basis when AV scanning in the firewall is enabled. If a user downloads a file containing malware, the Barracuda NG Firewall detects and discards the infected file and redirects the user to a warning page. You can combine virus scanning with SSL Interception to also scan SSL encrypted connections.


In this article:

Before You Begin

Step 1. Enable the Virus Scanner Service

Ensure that the Virus Scanner service is enabled.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Virus-Scanner > Service Properties.
  2. Click Lock.
  3. From the Enable Service list, select yes.
  4. Click Send Changes and Activate.

Step 2. Configure an AV Engine

Select and configure a Virus Scanner engine. You can use Avira and ClamAV either separately or together. Barracuda NG Firewall F100 and F101 can only use the Avira virus scanning engine.

Using both AV engines significantly increases CPU utilization and load.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Virus-Scanner > Virus Scanner Settings.
  2. Click Lock.
  3. Enable the virus scanner engines of your choice:
    • Enable the Avira AV engine by selecting Yes from the Enable Avira Engine list.
    • Enable the ClamAV engine by selecting Yes from the Enable ClamAV list.
  4. Click Send Changes and Activate.

Step 3. Enable SSL Interception and AV Scanning in the Firewall

If you want to scan files that are transmitted over a SSL-encrypted connection, enable SSL Interception and virus scanning in the firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Security Policy.
  2. Click Lock.
  3. Select the Enable SSL Interception check box.
  4. Upload your root CA certificate or create a self-signed Root Certificate.
  5. (Optional) Click the plus sign (+) in the Trusted Root Certificates section to add additional root certificates. 
  6. In the Virus Scanner Configuration section, select the Enable Virus Scanning in the firewall check box.
  7. In the Scanned MIME types list, add the MIME types of the files that you want the AV scanner to scan.

    The default <factory-default-mime-types> includes the most important MIME file types.

























  8. (optional) Change the Action if Virus Scanner is unavailable.

  9. (optional) Click on Advanced:

    • Large File Policy – The large file policy is set to a sensible value for your appliance. The maximum value is 4096MB.
    • Data Trickling Settings – Change how fast and how much data is transmitted. Change these settings if your browser times out while waiting for the file to be scanned.
  10. Click Send Changes and Activate.

Step 4. Enable the AV Scanner in the Firewall Rules

You can enable AV scanning for every Pass firewall rule.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
  2. Click Lock.
  3. Open the settings for the firewall rule that you want to enable AV scanning for.
  4. Click the Application Policy link.
  5. Select the Application Control and AV Scan check boxes.
  6. If you want to scan SSL encrypted traffic, select the SSL Interception check box.
  7. Click OK.
  8. Click Send Changes and Activate.

Monitoring and Testing

Next Steps

To combine ATD with virus scanning, see Advanced Threat Detection (ATD).

Last updated on