We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Virus Scanner Integration in the HTTP Proxy and FTP Gateway

  • Last updated on

The following article describes the working mechanism of Proxy and FTP gateway integration in context with the usage of a virus scanner.

Proxy Integration

The Squid-based proxy service communicates with the virus scanner using ICAP protocol. 

Schematic overview of proxy integration:

av_proxy_integration.png

Proxy integration works the following way:

  1. The request is sent from the source address to the Internet.
  2. The response is returned from the destination.
  3. The response is forwarded to the antivirus service via ICAP.
  4. If content is "infected," it is removed.
  5. The scanned response is returned to the Barracuda CloudGen Firewall. In case of infected content, a corresponding block HTML page is sent.
  6. The requested content is delivered to source address. In case of infected content, a corresponding block HTML page is displayed. 

To integrate virus scanning on an HTTP proxy, make sure that Yes is selected from the Enable Virus Scanning list in the HTTP Proxy Malware Protection settings.

FTP Gateway Integration

Scanning of FTP requests is processed via internal service communication between the FTP gateway and the virus scanner service.

Schematic overview of FTP gateway integration:

av_ftp_integration.png

FTP Gateway Integration works the following way: 

  1. The FTP request is sent from the client to the Internet, passing the FTP gateway.
  2. The response is returned from the destination to the FTP gateway.
  3. The response is split into two information streams. For every 4096 KB package, 1 KB is directly returned to the client without being scanned, to avoid time-outs in the connection between the client and FTP gateway. The larger part of the data package is forwarded to the antivirus service.
  4. If content is "infected," it is removed. The virus scanner returns an error code and virus information to the FTP gateway, terminating the client data connection. Furthermore, it returns a 505 error code containing the virus information. The FTP gateway forwards this information to the client (505 virus <virus_name> found in file). The unscanned part of the data package, which has already been forwarded to the client, remains on it as tiny file fragment. This fragment must be deleted manually.
  5. If content is clean, the scanned response is returned to the FTP gateway.
  6. The FTP gateway delivers the requested content to the source client.
Last updated on