Configure anti-malware on engines

You can enable anti-malware in the engine properties. The File Filtering Policy used in the engine policy determines which traffic is inspected for malware.

The supported protocols in anti-malware inspection are FTP, HTTP, HTTPS, IMAP, POP3, and SMTP.

The anti-malware solution depends on the NGFW Engine version:

  • If the engine version is 5.6 or earlier, the anti-malware solution is provided by ClamAV and the anti-malware database is updated with new malware definitions every hour.

    Anti-malware is only supported on Firewalls.

  • If the engine version is 5.7 or later, the anti-malware solution is provided by McAfee and there are more options for the anti-malware database update frequency. You can also use an HTTP proxy to connect to anti-malware database update mirrors.

    In version 5.7, anti-malware is supported only on Firewalls. In version 5.8 or later, it is supported on all Single and Clustered NGFW Engines and Virtual NGFW Engines (configured on the Master NGFW Engine).

When you upgrade the engine, the anti-malware engine and anti-malware database mirror URL are updated automatically. If you downgrade the engine, you must manually revert the mirror URL.

If the engine version is 5.5.5 or later, you can update the anti-malware database manually. If you update the anti-malware database manually before upgrading the engine, the engine starts inspecting the traffic for malware when it goes online.