Understanding Full Antivirus Application Protocol Scanning

You can turn antivirus scanning on and off on a per protocol basis. If scanning for a protocol is disabled in an antivirus profile, there is no application intelligence for this protocol. Therefore, in most cases, traffic using this protocol is not scanned. But if the protocol in question is based on another protocol for which scanning is enabled in an antivirus profile, then the traffic is scanned as that enabled protocol.

The internal antivirus scan engine supports scanning for specific Application Layer transactions allowing you to select the content (HTTP, FTP, SMTP, POP3, or IMAP traffic) to scan. For each content type that you are scanning, you have different configuration options.

Profile-based settings, including enable/disable, scan-mode, and scan result handling settings, may not be applicable to all supported protocols. The following table lists profile-based settings and their protocol support.

Table 68: Supported Profile-based Settings By Protocol

Profile Setting	Protocol Support
Enable or disable scanning on per protocol basis	All protocols support this feature
Full Antivirus Scan Modes, including file extension scanning	All protocols support this feature
Full Antivirus Content Size Limits	All protocols support this feature
Full Antivirus Decompression Layer Limit	All protocols support this feature
Full Antivirus Scanning Timeout	All protocols support this feature
Understanding HTTP Trickling	HTTP only
Understanding Antivirus Scanning Fallback Options	All protocols support this feature
Protocol-Only Virus-Detected Notifications	All protocols support this feature
E-Mail Virus-Detected Notifications	SMTP, POP3, and IMAP only
Custom Message Virus-Detected Notifications	All protocols support this feature

Understanding Full Antivirus Application Protocol Scanning

Related Topics