External Antivirus Scanner Settings Overview
You can use the AV Scanner Settings tab to configure the AV scanner options available in the UI. Table 1 describes the AV Scanner Settings tab options.
Table 1: External AV Scanner Settings

| External AV Scanner Options | Description |
|---|---|
| Maximum Number of TCP connections | The maximum number of connections between the security device and the external AV scanner. |
| Fail Mode Traffic Permit | When enabled, the security device continues to permit traffic even if the device loses connectivity with the AV scanner. |
| Fail Mode Scanner Threshold | The number of times the security device consecutively fails to make contact with the external scanner before going into a 5-minute wait period. After the wait period, the security device again attempts to reach the external scanner. |
| Maximum AV resources allowed per AV client | The maximum percentage of AV resources that an AV client can consume. The default is 70%; the acceptable range is from 1 to 100%, where 100% allows unrestricted resource consumption. You might want to edit this option to prevent a malicious user from generating a large amount of traffic in an attempt to consume all available resources. |
| HTTP Settings | HTTP keep-alive: This option directs the device to use the HTTP keep-alive connection option. Using this option prevents the device from sending a TCP FIN message to indicate termination of data transmission. Skip scanning HTTP content with predefined content type: By default this option is enabled. This means HTTP scanning does not scan HTTP entities composed of any of the following Multipurpose Internet Mail Extensions (MIME) content types (and when followed by a slash, subtypes): application/x-director, application/pdf, image, video, audio, text/css, text/html. Because most HTTP entities are composed of these content types, HTTP scanning only applies to a small subset of HTTP entities such as application/zip and application/exe content types, where viruses are most likely to be hiding. |
| Trickling | You can direct the device to forward specific amounts of unscanned traffic to the HTTP client to prevent the client from timing out while the scanner is busy examining downloaded HTTP files. If you select Custom, you can specify the amounts that are forwarded. Selecting Default resets the amounts to their default values. |
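How Fail Mode Traffic Permit and Fail Mode Scanner Threshold interact during a scanner outage, modeled as an added Python example (not vendor code and not taken from the device). `ScannerLink`, `simulate` and the timeline are hypothetical. The model assumes that no traffic is scanned during the wait period, that the failure counter restarts after the wait, and that traffic is dropped when Fail Mode Traffic Permit is disabled.

```python
from collections import Counter

WAIT_SECONDS = 300  # the 5-minute wait period stated in Table 1


class ScannerLink:
    """Hypothetical model of the device's view of the external AV scanner."""

    def __init__(self, threshold, fail_permit):
        self.threshold = threshold      # Fail Mode Scanner Threshold
        self.fail_permit = fail_permit  # Fail Mode Traffic Permit
        self.failures = 0               # consecutive failed contact attempts
        self.wait_until = 0             # end of the current wait period
        self.attempts = 0               # contact attempts made so far

    def _unscanned(self):
        # Assumption: with Fail Mode Traffic Permit disabled, traffic that
        # cannot be scanned is dropped (the page defines only the enabled case).
        return "permit-unscanned" if self.fail_permit else "drop"

    def handle(self, now, scanner_up):
        if now < self.wait_until:       # inside the wait period: no attempt
            return self._unscanned()
        self.attempts += 1
        if scanner_up:
            self.failures = 0           # a success breaks the consecutive run
            return "scanned"
        self.failures += 1
        if self.failures >= self.threshold:
            self.wait_until = now + WAIT_SECONDS
            self.failures = 0           # assumption: counter restarts after the wait
        return self._unscanned()


def simulate(timeline, threshold, fail_permit):
    """Return (verdict counts, contact attempts) for (time, scanner_up) pairs."""
    link = ScannerLink(threshold, fail_permit)
    verdicts = Counter(link.handle(t, up) for t, up in timeline)
    return dict(verdicts), link.attempts


# Constructed timeline: one request every 30 s for 15 minutes; the scanner
# is unreachable for 90 s, from t=60 s until t=150 s.
TIMELINE = [(t, not (60 <= t < 150)) for t in range(0, 900, 30)]

if __name__ == "__main__":
    for threshold in (3, 5):
        for permit in (True, False):
            print(threshold, permit, simulate(TIMELINE, threshold, permit))
```

In this constructed timeline a threshold of 3 turns a 90-second outage into 12 unscanned requests out of 30, because the wait period outlasts the outage; with a threshold of 5 only the 3 requests during the outage go unscanned.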
Published: 2009-08-20