Limitations and Precautions for Antivirus
Read limitations and precautions before configuring antivirus.
Hardware Requirements
The antivirus function is supported by all models.
The antivirus full-text scanning mode is supported by all models except the USG6510E/6510E-POE/6530E, USG6515E/6550E/6560E/6580E and USG6525E/6555E/6565E/6585E.
License Requirements
The antivirus signature database update requires a license. For details about the license control scope, see License Control Items.
In versions earlier than V600R007C20SPC300, you need to update the antivirus signature database immediately after the license is loaded. In V600R007C20SPC300 and later versions, the device automatically loads the predefined antivirus signature database after the license is loaded.
Limitations
- Antivirus does not apply to resumable file transfer.
- The antivirus full-text scanning mode is not supported in virtual systems.
- Antivirus does not apply to IPv6 IMAP, SMTP, or POP3 traffic.
- If you want the device to perform the antivirus check on SFTP traffic, HTTPS traffic, SMTPS traffic, POP3S traffic, or IMAPS traffic, configure SSL-encrypted traffic detection. For details, see SSL-Encrypted Traffic Detection.
Precautions
- When the antivirus function is used to perform content security detection on traffic, the performance of the device is affected. Therefore, configure the function as required.
- To keep the antivirus function up-to-date, you are advised to update the antivirus signature database every day.
- Antivirus does not apply to SMTP/POP3/IMAP if the forward and return paths are inconsistent.
- If the FW is deployed between two routers, and the routers detect each other through BFD, you are advised to properly prolong the BFD time (longer than 100 ms is recommended) to prevent BFD flapping resulting from occasional network congestion.
- When the antivirus full-scan mode is enabled on the device, if the antivirus profile is referenced in the security policy matching FTP traffic, FTP traffic is processed in proxy mode by default. In this case, the intrusion prevention function cannot be used to collect attack evidence for FTP traffic.