Barracuda Web Application Firewall uses Clam AV as the anti-virus engine.
Q. Where do we get the signatures for the AV engine?
A. Barracuda Networks does its own research to create the signatures. When we detect a new virus, the malware team creates a signature and pushes it out to all the units with active EU subscriptions using Energize Updates mechanism.
Q. What are supported file types?
A. Since the engine being used is Clam - we support all the file types that Clam supports.
Q. Is the whole file scanned before it is uploaded to the server?
A. No. WAF uses streaming mode to integrate with the Clam engine. In this mode chunks of data are sent to the AV engine as they are received. As and when the AV engine return the scanned data, the WAF pushes it off to the backend server.
Q. Is there a file size limitation?
A. Yes. The limit is a Clam configuration which is currently set to 25Mb
Q. If the data is scanned in streaming mode why is there a limit?
A. The Clam engine has a setting where it needs to be told what is the file size it should expect - that is currently set to 25Mb
Q. Is the file size limit configurable?
A. Yes - for Barracuda support / No for customers. The configuration can be changed via the configuration file for Clam AV. This is an internal file and can be changed by support. This configuration is not exposed via the UI.
Q. What happens if the file being uploaded is larger than the configured limit?
A. If the file to be scanned is larger than the configured limit the Clam engine rejects the connection. This results in a log stating the Scan failed because the file size was too large.