 |
Note: Custom-message in fallback-nonblock is used only by mail protocols. |
You have multiple notifications options for when a virus is detected.
This topic contains:
When content is blocked because a virus is found or a scan error occurs, the client generally still receives a successful response code but with modified content (file replacement) containing a warning message. But with protocol-only notifications, a protocol-specific error code may be returned to the client. This way, the client determines that a virus was detected rather than interpreting that a file transfer succeeded.
- edit security utm feature-profile anti-virus kaspersky-lab-engine
profile <name> {
-
- notification-options {
-
- virus-detection {
-
- type { protocol-only | message }
- }
-
- fallback-block {
-
- type { protocol-only | message }
-
- }
- }
- }
- }
For mail protocols (SMTP, POP3, IMAP), e-mail notification is used to notify the sender or the recipient about the detected viruses or the scanning errors. There are three settings for e-mail notifications:
Custom message notifications are mainly used in file replacement or in a response message when the antivirus scan result is to drop the file. When using custom messages, you can provide a customized message in the message content you can define customized subject tags
|
Note: Custom-message in fallback-nonblock is used only by mail protocols. |
- edit security utm feature-profile anti-virus kaspersky-lab-engine
profile <name> {
-
- notification-options {
-
- virus-detection {
-
- custom-message <msg>
- custom-message-subject <subject msg>
- }
-
- fallback-block {
-
- custom-message <msg>
- custom-message-subject <subject msg>
- }
-
- fallback-non-block {
-
- custom-message <msg>
- custom-message-subject <subject msg>
- }
- }
- }
- }
Fallback options tell the system how to handle the errors returned by either the scan engine or the scan manager. The following is a list of possible errors and the default fallback actions for those error types.
The scan engine is initializing itself, for example, loading the signature database. During this phase, it is not ready to scan a file. A file could either pass or be blocked according to this setting. The default action is BLOCK.
Corrupt file is the error returned by the scan engine when engine detects a corrupted file. The default action is PASS.
Decompress layer error is the error returned by the scan engine when the scanned file has too many compression layers. The default action is BLOCK.
Password protected file is the error returned by the scan engine when the scanned file is protected by a password. The default action is PASS.
If the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The default action is BLOCK.
If the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The default action is BLOCK. (The allowed request limit is not configurable.)
Scanning a complex file could consume resources and time. If the time it is taking to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The default action is BLOCK.
Virus scanning requires a great deal of memory and CPU resources. Due to resource constraints, memory allocation requests can be denied by the system. This failure could be returned by either scan engine (as a scan-code) or scan manager. When out-of-resources occurs, scanning is aborted. The default action is BLOCK.
All the errors other than those in the above list fall into this category. This could include either unhandled system exceptions (internal errors) or other unknown errors. The default action is BLOCK.
