Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Understanding Antivirus Scanning Fallback Options
Fallback options tell the system how to handle the errors returned by either the scan engine or the scan manager. The following is a list of possible errors and the default fallback actions for those error types:
- Scan engine is not ready (engine-not-ready)
The scan engine is initializing itself, for example, loading the signature database. During this phase, it is not ready to scan a file. A file could either pass or be blocked according to this setting. The default action is BLOCK.
- Corrupt file (corrupt-file)
Corrupt file is the error returned by the scan engine when engine detects a corrupted file. The default action is PASS.
- Decompression layer (decompress-layer)
Decompress layer error is the error returned by the scan engine when the scanned file has too many compression layers. The default action is BLOCK.
- Password protected file (password-file)
Password protected file is the error returned by the scan engine when the scanned file is protected by a password. The default action is PASS.
- Max content size (content-size)
If the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The default action is BLOCK.
- Too many requests (too-many-requests)
If the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The default action is BLOCK. (The allowed request limit is not configurable.)
- Timeout
Scanning a complex file could consume resources and time. If the time it is taking to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The default action is BLOCK.
- Out of resources (out-of-resources)
Virus scanning requires a great deal of memory and CPU resources. Due to resource constraints, memory allocation requests can be denied by the system. This failure could be returned by either scan engine (as a scan-code) or scan manager. When out-of-resources occurs, scanning is aborted. The default action is BLOCK.
- Default
All the errors other than those in the above list fall into this category. This could include either unhandled system exceptions (internal errors) or other unknown errors. The default action is BLOCK.
Related Topics
Junos OS Feature Support Reference for SRX Series and J Series Devices
