Virus scanning is enabled on a per URL basis. It should only be enabled for URLs which allow file uploads and downloads because virus checking is a performance intensive task.
To enable Antivirus for file uploads/downloads
- From the WEBSITES > Advanced Security page in the Advanced Security section, identify the service for which you want to enable Antivirus checking.
- Click Edit next to that Service. The Edit URL Policy window appears.
- In the Edit URL Policy section:
- Set Enable Virus Scan to Yes.
- Set Status to On.
- Set Mode to Active.
- Click Save.
When Virus Scan is enabled for a Service, all requests passing through the Barracuda Web Application Firewall for that Service are scanned for viruses, and any traffic containing viruses is blocked.
The Barracuda Web Application Firewall uses the Clam AV integrated Antivirus engine to scan files for embedded viruses and malware. Barracuda Networks does its own research to create the AV signatures and push them out to all units with active Energize Updates subscriptions. The Barracuda Web Application Firewall Antivirus engine supports all file types the Clam AV engine supports. Integration with the Antivirus engine uses streaming, so chunks of data are sent to the AV engine as they are received. Once the AV engine returns scanned data, the data is pushed to the back-end server.
The file size limitation for Antivirus scanning is currently set to 25Mb, set in the Clam engine so it knows what file size it should expect. Barracuda Networks Technical Support can change the file size limit, however, customers do not have access to this configuration setting. The Clam engine rejects the connection request for files that are too large. Files larger than the configured limit result in a log entry indicating the scan failed because the file size was too large.