Fortinet black logo

Handbook

Scan buffer size

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:995746
Download PDF

Scan buffer size

When checking files for viruses, there is a maximum file size that can be buffered. Files larger than this size are passed without scanning. The default size for all FortiGate models is 10 megabytes.

Archived files are extracted and email attachments are decoded before the FortiGate unit determines if they can fit in the scan buffer. For example, a 7 megabyte ZIP file containing a 12 megabyte EXE file will be passed without scanning with the default buffer size. Although the archive would fit within the buffer, the uncompressed file size will not.

Configuring the uncompression buffer

In this example, the uncompressed-oversize-limit CLI command is used to change the scan buffer size to 20 megabytes for files found in HTTP traffic:

config firewall profile-protocol-options

edit <profile_name>

config http

set uncompressed-oversize-limit 20

end

end

end

The maximum buffer size varies by model. Enter set uncompressed-oversize-limit ? to display the buffer size range for your FortiGate unit.

Scan buffer size

When checking files for viruses, there is a maximum file size that can be buffered. Files larger than this size are passed without scanning. The default size for all FortiGate models is 10 megabytes.

Archived files are extracted and email attachments are decoded before the FortiGate unit determines if they can fit in the scan buffer. For example, a 7 megabyte ZIP file containing a 12 megabyte EXE file will be passed without scanning with the default buffer size. Although the archive would fit within the buffer, the uncompressed file size will not.

Configuring the uncompression buffer

In this example, the uncompressed-oversize-limit CLI command is used to change the scan buffer size to 20 megabytes for files found in HTTP traffic:

config firewall profile-protocol-options

edit <profile_name>

config http

set uncompressed-oversize-limit 20

end

end

end

The maximum buffer size varies by model. Enter set uncompressed-oversize-limit ? to display the buffer size range for your FortiGate unit.