< Home

Changing the Size of a Compressed File for Virus Detection

This section describes how to change the size of a compressed file for virus detection on the FW.

Faced Problems

When detecting viruses in a compressed file, the FW decompresses the compressed file to obtain the original file and then checks whether the file is infected with viruses.

Large compressed files are often transmitted over the network. When detecting viruses in these files, the FW decompresses the files to obtain the original file, which affects the processing performance.

Figure 1 Changing the size of a compressed file for virus detection

Solution

The FW allows you to set the maximum size of a compressed file for virus detection, According to the configured maximum size of a compressed file for virus detection, the FW can implement antivirus detection only for a file whose size equals the maximum size of a compressed file for virus detection. If a virus is detected, the file is processed based on the action defined in the antivirus profile. If no virus is detected, the file is permitted.

By default, the maximum size of a compressed file for virus detection is 100 MB. The administrator of the enterprise network can set the maximum size of a compressed file for virus detection by considering the virus detection effect and processing performance.

  1. Log in to the web UI of the FW as the administrator.

  2. Choose Object > Security Profiles > Global Configuration.

  3. Set Maximum file size for decompression. In this example, the maximum size of a compressed file for virus detection is 80 MB

  4. Click OK.

Verification

Compress the EICAR test file and a normal 80M file into a ZIP file and use FTP to transmit the file. When the traffic carrying the file passes through the FW, the FW detects a virus and generates a log. The ZIP file cannot be properly transmitted.

Compress the EICAR test file and a normal 80M file into a ZIP file and use FTP to transmit the file (compress the normal file and add the EICAR file to the compression package) and use FTP to transmit the ZIP file. When the traffic carrying the file passes through the FW, the FW does not detect any virus and forwards the ZIP file.

Configuration Scripts

The configuration script related to the example is as follows:

#                                                                                                                                   
 file-frame decompress size 80                                                                                                    
#                                                                                                                                    
security-policy                                                                                                                     
 rule name policy1                                                                                                                  
  source-zone trust                                                                                                                 
  destination-zone untrust                                                                                                          
  source-address 192.168.0.0 mask 255.255.255.0                                                                                     
  profile av default                                                                                                                
  action permit                                                                                                                     
#
Parent Topic: Best Practices for Antivirus
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >