Internal Antivirus Scan Manager Settings Overview

You can use the AV Scan Manager Settings tab to configure the AV scanner options available in the UI. Table 41 describes the internal AV Scan Manager setting options.

Table 41: Internal AV Scan Manager Settings

Internal AV Scan Manager Option: Pattern Server URL
Your Action: You specify the URL address of the server from which the device retrieves pattern file updates.
Comments: You can use one of the following two default pattern-update URLs:

Internal AV Scan Manager Option: Update AV pattern through proxy
Your Action: You can update AV patterns from a proxy server.
Comments: This update does not require Internet access and is done offline. You cannot configure an HTTPS proxy, because you cannot cache an HTTPS proxy.

Internal AV Scan Manager Option: Update Interval
Your Action: You can specify the interval at which the device starts an automatic pattern update.
Comments: Note: You can direct a security device to immediately contact the pattern server and update its pattern file. To do this, right-click the device object and select AV Scan Manager > Update Pattern. (You can modify the pattern server URL and update the interface if necessary.) Click OK.

Internal AV Scan Manager Option: Maximum Decompression level
Your Action: You can specify the number of levels of compression to examine.
Comments: A setting of 2 will examine a compressed file within a compressed file. If the number of levels of compression in the file exceeds the number indicated here, the e-mail will be blocked.

Internal AV Scan Manager Option: Content drop parameters
Your Action: You can specify that the device drop messages if the size of the content or the number of concurrent messages exceeds configurable limits.
Comments: NA

Internal AV Scan Manager Option: Content Protocol
Your Action: You can select the type of protocols (HTTP, SMTP, FTP, IMAP or POP3) that are to be examined for virus patterns.
Comments: For each protocol, you can also specify the following (not all values applicable to all protocols):

  • Scan Mode—All, Intelligent, or by File Extension. If you select Scan by File Extension, you must populate the Ext List Include box.
  • Scanning Timeout—Scans that take longer than this period are not completed.
  • Decompress Layer—The number of levels of decompression to uncompress before scanning. Supported by ScreenOS 5.3 and later. For ScreenOS 5.2 and earlier, you must configure on an individual scanner basis.
  • Skip Mime (HTTP only)—If checked, causes the scanner to skip any mime types listed in the Mime List box. Supported by ScreenOS 5.3 and later. For ScreenOS 5.2 and earlier, you must configure on an individual scanner basis.
  • Ext List Include—A list of file extensions to examine for viruses. Extension lists are created under Object Manager > AV Objects > Extension Lists.
  • Ext List Exclude—A list of file extensions to not examine for viruses. Extension lists are created under Object Manager > AV Objects > Extension Lists.
  • Mime List (HTTP only)—The list of mime types to not scan. NSM ships with a default mime type list, or you can create your own under Object Manager > AV Objects > Custom Mime Lists.
  • Virus Notification with Protocol Code—FTP, HTTP, IMAP, POP3, and SMTP only. Notifies the client when a virus is detected. The AV scanner uses the default warning messages or user-defined warning messages, and their respective protocol codes to notify the client. You can select this feature under Object Manager > AV Objects > Virus Notification with Protocol Code.
  • Email Notify Virus Sender (IMAP, POP3, and SMTP only)—Notifies an email sender if a virus was found in the e-mail.
  • Email Notify Scan-Error Sender (IMAP, POP3, and SMTP only)—Notifies an email sender if the e-mail was dropped due to a scan error.
  • Email Notify Scan-Error Recipient (IMAP, POP3, and SMTP only)—Notifies an e-mail recipient if the e-mail was passed because of a scan error.
  • Send admin e-mail after virus pattern file updated—Notifies the administrator through e-mail of an updated pattern file. You can indicate whether you want the device to notify the administrator through e-mail when an updated pattern file is available.
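
The Maximum Decompression level rule in Table 41 (a setting of 2 examines a compressed file within a compressed file; anything nested deeper is blocked) can be modelled as follows. This is an added example, not code from the device or from NSM; it assumes ZIP as the only archive format, and the function names and the MAX_MEMBER_BYTES cap are hypothetical.

```python
import io
import zipfile

# Assumed cap (not a device setting) so the sketch never inflates a huge member.
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def compression_levels(data: bytes, max_level: int, _level: int = 0) -> int:
    """Count nested ZIP layers in data, giving up as soon as max_level is exceeded."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return _level                      # plain content, no further layer
    _level += 1
    if _level > max_level:
        return _level                      # over the limit: do not unpack deeper
    deepest = _level
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                return max_level + 1       # refuse to inflate; count as over the limit
            deepest = max(deepest, compression_levels(zf.read(info), max_level, _level))
            if deepest > max_level:
                break                      # one over-limit branch is enough to block
    return deepest


def verdict(data: bytes, max_level: int) -> str:
    """'block' when the layers exceed the setting, as Table 41 describes; else 'scan'."""
    return "block" if compression_levels(data, max_level) > max_level else "scan"


def wrap(payload: bytes, layers: int) -> bytes:
    """Build a constructed sample: payload wrapped in `layers` nested ZIP archives."""
    for i in range(layers):
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{i}.bin", payload)
        payload = out.getvalue()
    return payload


if __name__ == "__main__":
    for layers in (0, 1, 2, 3):
        sample = wrap(b"constructed sample attachment body", layers)
        print(layers, verdict(sample, max_level=2))
```

The walk stops at the first layer beyond the limit instead of unpacking the whole archive, which keeps the cost of a deeply nested file bounded by the configured level.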
