Barracuda CloudGen Firewall

How to Configure Virus Scanning in the Firewall for Web Traffic


The firewall scans web traffic for malware on a per-access-rule basis when virus scanning in the firewall is enabled. When a user downloads a file, the firewall intercepts and scans the file if it is smaller than the limit set in the large file policy and if the MIME type is listed in the Scanned MIME Types list. Files matching a MIME type exception are not scanned. To avoid browser timeouts while downloading the file, a very small amount of data is trickled to the browser to keep the connection open. Data trickling ceases while the file is scanned by the virus scanner. If the large file watermark is set to a very high value, browser sessions might time out. In this case, decrease the large file policy value. If the virus scanning service detects malware, the infected file is discarded, and the user is redirected to a customizable block page. The very small partial download from data trickling might still be present on the client. You can combine virus scanning with SSL Interception to also scan HTTPS connections.


Before You Begin

Step 1. Enable the Virus Scanner in the Firewall

  1. Go to FIREWALL > Settings.

  2. In the Firewall Policy Settings section, enable TCP Stream Reassembly.
  3. Make sure that Application Control is enabled.

  4. In the Virus Scanner section:

    1. Set Enable Virus Scanner to Yes.

    2. Set Enable for HTTP & HTTPS to Yes.

  5. (optional) Click Show to configure Advanced Options:

    Changing settings for the Virus Scanner also affects virus scanning for mail traffic.

    1. Change the default behavior If Virus Scanning is not available.

      • Block All – (default) Block all files.

      • Allow All – All pages will be allowed.

    2. Configure the following settings:
      • Block Large Files / Large File Limit – To block files that exceed the Large File Limit, enable Block Large Files. The large file policy is set to a sensible value for your appliance. The maximum value is 1024 MB. If Block Large Files is disabled, large files will not be scanned. Instead, they will be delivered directly to the client.
      • Scanned MIME Types – If applicable, you can add MIME types of files you want the firewall to scan to the Scanned MIME Types list. To add a file type, enter the file path and click +. To remove a file type, click - next to the file entry in the list. Click Reset to Defaults to restore the default list. For more information, see Default MIME Types in Virus Scanner.
      • Exemptions – Define exemptions from scanning based on IP addresses and hostnames.
      • Archives – Enable to scan archives and to block archive files that are encrypted and cannot be scanned.
      • Data Trickling – Change how fast and how much data is transmitted. Change these settings if your browser times out while waiting for the file to be scanned.
    3. Click Save.
  6. Click Save.

Step 2. Enable the Virus Scanner in Access Rules

Create or edit an access rule for the HTTP / HTTPS connections that you want to apply Virus Protection to. Virus Protection can be enabled for all Allow and DNAT rules.

  1. Go to FIREWALL > Access Rules.
  2. Create an access rule with the following settings:
    • Action – Select Pass.
    • Connection – Select Dynamic NAT.
    • Source – Select Trusted LAN, and click +.
    • Network Services – Select HTTP+S, and click +.
    • Destination – Select Internet, and click +.
  3. Enable Application Control and Virus Scanner.

  4. (optional) Enable SSL Interception.

  5. Click Save.

Monitoring and Testing

You can test the Virus Scanner setup by downloading EICAR test files from http://www.eicar.com. The block page is customizable. For more information, see How to Configure Custom Block Pages and Texts.


To monitor detected viruses and malware, go to the BASIC > Recent Threats page.
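One way to script the EICAR test above from a client behind the firewall, as an added example that is not Barracuda code. The `classify` and `fetch` helpers, the verdict names, and the assumption that the block page is an HTML document are illustrative; pass the URL of the EICAR test file as the only argument.

```python
"""Classify the result of an EICAR test download made through the firewall."""
import http.client
import sys
import urllib.error
import urllib.request

# Standard 68-byte EICAR test string, built from two halves so that this
# script is not itself flagged by a local scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def classify(body: bytes) -> str:
    """Return what the client actually received for a test download."""
    if EICAR in body:
        # The complete test file arrived: this session was not scanned.
        return "DELIVERED"
    if body and EICAR.startswith(body):
        # Only the first bytes arrived: the remnant left by data trickling.
        return "TRICKLE_REMNANT"
    if b"<html" in body.lower():
        # Assumption: the (customizable) block page is an HTML document.
        return "BLOCK_PAGE"
    return "EMPTY" if not body else "UNKNOWN"


def fetch(url: str, timeout: float = 60.0) -> bytes:
    """Download url and return whatever bytes arrived, even after an error."""
    data = b""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            while chunk := resp.read(4096):
                data += chunk
    except urllib.error.HTTPError as err:
        data = err.read()  # a block page served with an error status
    except (OSError, http.client.HTTPException):
        pass  # connection dropped mid-transfer; keep the partial body
    return data


if __name__ == "__main__":
    if len(sys.argv) == 2:
        body = fetch(sys.argv[1])
    else:
        body = EICAR[:12]  # constructed sample: trickled prefix only
    verdict = classify(body)
    print(verdict)
    sys.exit(1 if verdict == "DELIVERED" else 0)
```

A `DELIVERED` verdict means the matching access rule did not scan the download: check that Virus Scanner is enabled on the rule and, for HTTPS URLs, that SSL Interception is enabled as well.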


Next Steps

To combine ATP with virus scanning, see Advanced Threat Protection (ATP).
