When checking files for viruses using the proxy-based scanning method, there is a maximum file size that can be buffered. Files larger than this size are passed without scanning. The default size for all FortiGate models is 10 megabytes.

Archived files are extracted and email attachments are decoded before the FortiGate unit determines if they can fit in the scan buffer. For example, a 7 megabyte ZIP file containing a 12 megabyte EXE file will be passed without scanning with the default buffer size. Although the archive would fit within the buffer, the uncompressed file size will not.

In this example, the uncompsizelimit CLI command is used to change the scan buffer size to 20 megabytes for files found in HTTP traffic:

The maximum buffer size varies by model. Enter set uncompsizelimit? to display the buffer size range for your FortiGate unit.