To configure Avira virus scanning on the Barracuda CloudGen Firewall, import a legacy license and specify which threats the engine should scan for. You can define settings for the following features:
- Archive Scanning – Define the settings for compressed scanning archives.
- Malware Detection – In addition to detecting viruses, Avira can also detect malware, spyware, and bandwidth wasters. Specify which of these threats the engine should scan for.
- Engine-Specific Options – Import a legacy license, specify an email address to receive license notifications, and specify a quarantine directory for Avira.
- HTTP Multimedia Streaming – Because the Virus Scanner service downloads an entire file before scanning and delivering it, some audio or video streams cannot be accessed. Enable content streaming by disabling virus scanning for specific DNS domains.
Before You Begin
Before configuring Avira virus scanning, activate the Virus Scanner service. For more information, see How to Enable the Virus Scanner.
Configure Virus Scanning
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Virus-Scanner > Virus Scanner Settings .
- In the left menu, select Avira.
- Set Scan Archive s to yes to enable the archive scan.
- In the Avira Archive Scanning section, define the following archive scanning settings:
Max. Scan Size (MB) – The maximum size for a file to be scanned. (default: 1024). If an archive is scanned, the largest uncompressed file in the archive may not exceed this limit. Set to 0 to disable this limit. Disabling the limit may result in high system load.
Max. Nesting Depth – The maximum nesting level for the archives (default: 20). If a limit is not required, enter 0 (zero).
Max. Compression Ratio – The maximum allowed decompression ratio for the archives (default: 150). The maximum compression ratio is calculated by dividing the size of the largest file in the archive by the size of the unextracted archive. Disabling the max compression rate limit removes protection from ZIP bombs. ZIP bombs use very high compression ratios, causing the Virus Scanner to run out of resources when it attempts to decompress it.
- Max. File Count – The maximum number of files that can be stored in an archive (default: 10000). If a limit is not required, enter 0 (zero).
Block Encrypted Archives – To block encrypted archives, select yes.
- Block on Other Error – As some services, such as Google Play updates, may deliver partial archives for updates to save bandwidth, set Block on Other Error to No . When enabled, the Virus Scanner blocks archives that cause errors while they are decompressing.
Block Unsupported Archives – To block archives that cannot be decompressed because their formats are unsupported, select yes.
To configure malware detection, specify the types of malware that the engine should scan for in the Avira Non-Virus Detection section.
To configure engine-specific options, configure the following parameters in the Avira Misc. Options section:
- Legacy Avira license – To import a legacy Avira license, click Ex/Import and select Import from file.
- Contact Email Address – The email address to receive notifications on when the license will expire.
Quarantine directory – The path to the directory where infected files should be placed.
- Click Send Changes and Activate.
Configure HTTP Multimedia Streaming
To enable content streaming, disable virus scanning for specific DNS domains.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Virus-Scanner > Virus Scanner Settings.
- In the left menu, select Content Scanning.
- Click Lock.
- In the Scan Exceptions table, add an entry for each DNS domain that should not be scanned:
- Enter a name for the entry and click OK.
In the Allowed MIME types table, add an entry for each MIME type that should not be scanned.
- In the Domain field, enter the domain name.
- Click Send Changes and Activate.
Updates of the Avira engine are done automatically. If a faulty Avira update is downloaded and activated, a rollback to the last working version is done. During this process, further updates will be blocked for 1 hour. A virscan/cas message will be created, stating " Doing rollback. Disabling update for 60 min ."
To manually update the Avira pattern, complete the following steps:
Go to CONTROL > Server .
- In the Service Status section, right-click the virscan service that should be updated with the most current pattern.
- Click Update Pattern in the context menu.
If you must perform a manual rollback, create a file named /var/phion/run/virscan/dorollback. During this process, any other updates will be blocked for 1 hour. The virscan/cas message will be created, stating "Doing rollback. Disabling update for 60 min."
After a successful update, Avira creates a backup that will be used for the next rollback. A log entry will be created, stating "Creating backup for Rollback".