Scan buffer size
When checking files for viruses, there is a maximum file size that can be buffered. Files larger than this size are passed without scanning. The default size for all FortiGate models is 10 megabytes.
Archived files are extracted and email attachments are decoded before the FortiGate unit determines if they can fit in the scan buffer. For example, a 7 megabyte ZIP file containing a 12 megabyte EXE file will be passed without scanning with the default buffer size. Although the archive would fit within the buffer, the uncompressed file size will not.
Configuring the uncompression buffer
In this example, the uncompressed-oversize-limit
CLI command is used to change the scan buffer size to 20 megabytes for files found in HTTP traffic:
config firewall profile-protocol-options
edit “default”
config http
set uncompressed-oversize-limit 20
end
The maximum buffer size varies by model. Enter set uncompressed-oversize-limit ?
to display the buffer size range for your FortiGate unit.