Analyzing files tab

Transferring files

Partial download When a download is incomplete, for example, due to a connection failure during a file download via HTTP, the user can continue to download from where the error occurred, instead of having to download the whole file again. This is called a partial download – the download does not correspond to a whole file.

The option Partial download defines how the firewall’s HTTP proxy reacts to such downloads.
  • Block: partial downloads are prohibited
  • Block if antivirus has been enabled: partial downloads are allowed except if the traffic matches traffic that is inspected by a rule with an antivirus scan.
  • Pass: partial downloads are allowed but there will not be any antivirus scan.
File size limit [0-2147483647(KB)] When files downloaded off the internet via HTTP get too huge, they can affect internet bandwidth for quite a long stretch of time.
To avoid this situation, indicate the maximum size (in KB) that can be downloaded via HTTP.
URLs excluded from the antivirus scan A URL category or category group can be excluded from the antivirus scan. By default, there is a URL group named antivirus_bypass in the object database containing Microsoft update sites.

File filter (MIME type)

Status Indicates whether a file is active or inactive. Two statuses are available: “Enabled” or “Disabled”.
Action Indicates the action to be taken for the file in question, out of three possibilities:
  • Detect and block viruses: The file will be scanned in order to detect viruses that may have infected the files. These viruses will be blocked.
  • Pass without analyzing files: The file can be downloaded freely without any antivirus scans.
  • Block: The download is prohibited.
MIME type Indicates the file content type. This could be text, an image or a video, to be defined in this field.

EXAMPLES
« text/plain* »
« text/* »
« application/* »
Maximum size for antivirus scan and sandboxing (KB)

This option corresponds to the maximum size of files that will be scanned.
The default size depends on the firewall model:

  • SN160(W), SN210(W), SN310, EVA1, EVA2, EVA3 and EVAU (16G) : 4000 Ko.
  • SN-XS-Series-170, SN-S-Series-220, SN-S-Series-320, SN510, SN710, SNi10, SNi20 and SNi40 : 8000 Ko.
  • SN-M-Series-520, SN-M-Series-720, SN910, SN-M-Series-920, SNxr1200 and EVA4 : 16000 Ko.
  • SN1100, SN2100, SN-L-Series-2200, SN3100, SN-L-Series-3200, SN-XL-Series-5200, SN6100, SN-XL-Series-6200 and EVAU (32G, 64G) : 32000 Ko.

Actions on files

When a virus is detected This field contains two options. By selecting “Block”, the analyzed file will not be sent. By selecting “Pass”, the antivirus will send the file in its original form.
When the antivirus scan fails This option defines the behavior of the antivirus module if the analysis of the file it is scanning fails.

EXAMPLE
The file could not be scanned as it is locked.


If Block is specified, the file being scanned will not be sent.
If Pass without analyzing has been specified, the file being scanned will be sent.
When data collection fails This option defines the behavior of the antivirus module when certain events occur. It is possible to Block traffic when information retrieval fails, or Pass without analyzing.

EXAMPLE
If the hard disk has reached its capacity, information will not be downloaded.