Analyzing files tab

Transferring files

Partial download When a download is incomplete, for example, due to a connection failure during a file download via HTTP, the user can continue to download from where the error occurred, instead of having to download the whole file again. This is called a partial download – the download does not correspond to a whole file.
The option Partial download defines how the firewall’s HTTP proxy reacts to such downloads.
  • Block: partial downloads are prohibited
  • Block if antivirus has been enabled: partial downloads are allowed except if the traffic matches traffic that is inspected by a rule with an antivirus scan.
  • Pass: partial downloads are allowed but there will not be any antivirus scan.
File size limit [0-2147483647(KB)] When files downloaded off the internet via HTTP get too huge, they can deteriorate the internet bandwidth for quite a long stretch of time.
To avoid this situation, indicate the maximum size (in KB) that can be downloaded by HTTP.
URLs excluded from the antivirus scan A URL category or category group can be excluded from the antivirus scan. By default, there is a URL group named antivirus_bypass in the object database containing Microsoft update sites.

File filter (MIME type)

Status Indicates whether a file is active or inactive. 2 positions are available: “Enabled” or “Disabled”.
Action Indicates the action to be taken for the file in question, out of 3 possibilities:
  • Detect and block viruses: The file will be scanned in order to detect viruses that may have infected the files. These viruses will be blocked.
  • Pass without analyzing files: The file can be downloaded freely without any antivirus scans being performed.
  • Block: The download is prohibited.
MIME type Indicates the file content type. This could be text, an image or a video, to be defined in this field.
Examples:
  • “text/plain*”
  • “text/*”
  • “application/*”
Maximum size for antivirus scan and sandboxing (KB) This field corresponds to the maximum size of files that will be scanned. The default size depends on the firewall model:
  • S model firewalls (SN160(W), SN210(W) and SN310): 4000 KB.
  • M model firewalls (SN510, SN710, SNi20 and SNi40): 8000 KB.
  • L model firewalls (SN910): 16000 KB.
  • XL model firewalls (EVA1, EVA2, EVA3,EVA4, EVAU, SN2000, SN2100, SN3000, SN3100, SN6000 and SN6100): 32000 KB.

Actions on files

When a virus is detected This field contains 2 options.
  • By selecting “Block”, the analyzed file will not be sent.
  • By selecting “Pass”, the antivirus will send the file in its original form.
When the antivirus scan fails This option defines the behavior of the antivirus module if the analysis of the file it is scanning fails.
E.g.: The file could not be scanned as it has been locked.
  • If Block has been specified, the file being scanned will not be sent.
  • If Pass without analyzing has been specified, the file being scanned will be sent.
When data collection fails This option defines the behavior of the antivirus module when certain events occur.
It is possible to Block traffic when information retrieval fails, or Pass without analyzing.
E.g.: If the hard disk has reached its capacity, information will not be downloaded.