/
How to Configure Malware Protection in the HTTP Proxy

How to Configure Malware Protection in the HTTP Proxy

The Malware Protection service tightly integrates antivirus software with the Barracuda CloudGen Firewall gateway. Configure the Avira scan engine and enable Advanced Threat Protection (ATP) for content scanning in the Barracuda cloud to reduce the load on the firewall. You can also configure content filtering, content caching, and additional features to optimize file downloads with virus scanning.

Configure the Virus Scanner

When configuring the virus scanner, you can:

  • Specify the behavior of local and remote virus scanning.

  • Exempt specific files and domains from scanning.

  • Limit the size of files that are scanned locally with a big file policy. You can configure a small system (for example Barracuda CloudGen Firewall F100) to scan small files, while sending bigger files to a remote system that is more capable of scanning large files (for example Barracuda CloudGen Firewall F600).

To configure the virus scanner:

  1. Verify that you properly created the Virus Scanner service. For more information, see Virus Scanner.

     

  2. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  3. Click Lock.

  4. From the Configuration Mode menu on the left, select Advanced View.

  5. From the Configuration menu on the left, select Malware Protection.

  6. To enable virus scanning, select Yes from the Enable Virus Scanning list.

  7. From the Scanner Location list, select one of the following options to specify on which system the Virus Scanner service is running:

    • Local – Select if the Virus Scanner service is running locally on the Barracuda CloudGen Firewall.

    • Remote – Select if the Virus Scanner Service is running on another Barracuda CloudGen Firewall. In the Remote Scanner IP field, enter the IP address of the remote service which is used for virus scanning.

  8. In the Virus Scan Exceptions section, you can specify which files and domains should not be scanned. Click Edit and then specify the following settings:

    • MIME Types  In this table, add MIME types that are excepted from being scanned and thus are delivered directly to the web browser. Wildcards and regular expressions are allowed. Examples:

      • x-rpm$ – Excludes all files with "rpm" at the end of the string.

      • [mp] – Excludes all files that contain the characters "m" or "p".

      • audio/mpeg – Excludes all MPEG files.

    • Domains  In this table, add the domains that are excepted from being scanned.

    • Raw  In this table, you can enter raw Squid configurations.

  9. In the Virus Scan Filter section, you can specify the MIME types and files suffixes to be scanned. Click Edit and then specify the following settings:

    • Mime Types – In this table, add MIME types.

    • File Suffixes – In this table, add file suffixes.

  10. To configure the big file policy:

    1. In the Big File Watermark (MB) field, enter the size limit for files that are scanned locally.

    2. From the Big File Policy list, select a policy to handle files whose size exceeds the Big File Watermark (MB) limit:

      • Scan – All files are scanned locally.

      • Alternative Scanner – All files that are bigger than the watermark size are sent to a remote scanner. In the Big File Scanner IP (ICAP) field, enter the IP address of the remote scanner.

      • Bypass – All files that are bigger than the watermark size are forwarded to the client without scanning.

  11. Click Send Changes and Activate.

Optimize File Downloads

To optimize file downloads, you can configure these settings:

 Data Trickling

Because the virus scanning engine scans files before sending them, there may be a delay when large files are sent, giving users the impression that their download request is unsuccessful. With data trickling, the proxy sends small pieces of data to the client, so that the client does not run into a timeout during virus scanning; however, this data is not scanned. Before configuring data trickling, note the following information:

  • When data trickling is enabled and malware is found within a scanned file by the virus scanning engine, the remaining portion of the file is not transmitted. This creates a small, incomplete stub file in the user’s download location.

  • Trickling of all destinations appears if no special restrictions are defined. The data trickling access control list (ACL) is processed prior to the header trickling ACL.

  • Data trickling is not possible with HTTPS downloads over the Secure Web Proxy service.

How to Configure Data Trickling

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  2. Click Lock.

  3. From the Configuration menu on the left, select Malware Protection.

  4. From the Enable Trickle Feature list, select Yes.

  5. In the Trickle Size Low Watermark (MB) field, enter the minimum size for files that must be trickled.

  6. In the Trickle Period field, enter the delay in seconds between trickle packets.

  7. To edit more detailed trickling settings:

    1. Expand the Configuration Mode menu in the left navigate pane and click Switch to Advanced.

    2. Click Set or Edit next to Advanced Trickle Settings. For more details about these settings, see Malware Protection Settings.

    3. Click OK.

  8. Click Send Changes and Activate.

 Pop-Up Progress Bar

The pop-up progress bar displays the status of file downloads. The progress bar can be configured for web browsers such as Internet Explorer, Firefox, or Opera. Additionally, only certain MIME types are handled by the proxy progress bar. Granular configurations let you fine-tune exceptions for the progress bar. You can also configure HTML templates for the progress bar. Before configuring the pop-up progress bar, note the following information:

  • The progress bar does not work with HTTPS connections or SSL Inspection.

  • Supported browsers are Mozilla Firefox 2 and 3, and Microsoft Internet Explorer (IE) 6 at least.

  • By default, the progress bar detects the following browsers:

    • Mozilla Firefox

    • Microsoft Internet Explorer (IE)

    • Opera

    • Apple Safari

    • Google Chrome

  • When the pop-up progress bar is enabled, no header trickling is performed.

  • With some browsers and websites, the progress bar process cannot discriminate between when you click Save result as and when you directly click the specified link in the browser window (for example, download areas at www.microsoft.com). This may lead to unexpected behavior where the pop-up progress bar does not display when you directly click the link.

  • When a progress popup is opened, the main window is set to blank for IE 6 and 7. The user has to enter a new web address manually or use the back button to return to the previous page. If IE 8 or Firefox is used, the main window displays the page where the download was started automatically. This is done by getting back in the browser history by two steps. Stepping back two sites is important for download sites where the download is started via Javascript or HTTP redirects. Otherwise the download would start in an endless loop. On the other hand it may happen that the main browser window is set to the last opened web site. 

Contact Us
Barracuda Campus
Barracuda Support