cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Anti-malware maximum file size

Jump to solution

Hi everyone

Is there a maximum file size that the MWG anti-malware scanning engine will accept?  I can see that if you have the Avira engine enabled, that has a maximum, but if you go with the defaults (ie Full McAfee Coverage), I can't find any settings.  Does the MWG anti-malware engine accept and scan anything unless you use a ruleset to dictate a maximum file size?  (And if so can anyone provide me with an example ruleset?)

Also - what is McAfee's recommended maximum file size for malware scanning?

Thank you in advance!

1 Solution

Accepted Solutions
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 3

Re: Anti-malware maximum file size

Jump to solution

Hi,

Hope you are doing well.

There is no single file size limit for scanning, it differs based on filetype, but the larger the file, the more disk space you'll need and the more time to process.

 

MWG doesn’t include any artificial limitation. One of the limiting factor can be the size of /opt partition.

 

From a technical perspective, there is no limit to the size of files scanned ,That said, we do recommend a size limit in practice if you plan to perform malware scanning. This is because the time taken to scan files increases along with file size and complexity, and the chances of a client timeout increase accordingly. The default Gateway Anti-Malware rule set checks the Content-Length header in the original request or response, and will skip scanning if this exceeds 200 MB. It is possible to edit this rule to change or remove the size limit.

 

Also we have Gateway Anti-Malware With Optimization Rule Set  in our rule set library which can be used.

Gateway Anti-Malware With Optimization Rule Set from the Ruleset Library, download the latest version from:
https://contentsecurity.mcafee.com/ruleset_library

 

Gateway Anti-malware with Optimization  rule:-

This is a clone of the default "Gateway Anti-Malware" rule set that ships with the product, but it contains some options to reduce the amount of time required for filtering files. It automatically skips some duplicate checks and allows to specify a timeout on top, which automatically skips further calls to the Anti-Malware engines when the timeout is reached in order to improve end-user convenience. Please make sure you understand that skipping Anti-Malware engine calls may significantly impact the security of the product - please read the documentation to understand the impact. NOTE: The latest AV/GAM engine supports skipping archives whose objects are filtered on its own, so it is no longer required to skip such objects in the rule engine.

 

How McAfee Web Gateway Filtering Works:-


When a user wants to download a file the file is downloaded and processed by the Web Gateway. Every file(object) walks through the rule engine (your policy) several times in different cycles.
When the request is allowed Web Gateway starts to download the file from the server. The downloaded object is then passed through the rule engine in the “Response” cycle. If during the processing in the rule engine the“Composite Opener” is enabled and detects that the object can be extracted, all objects are extracted and an “Embedded Object” cycle is performed, which means that each extracted object runs through the rule engine again.
Even in an “Embedded Object” cycle the “Composite Opener” is called and may deeper extract objects, causing more “Embedded Object” cycle to be executed.


This is done for every object which can be extracted by McAfee Web Gateway. Very complex archives can have up to (or more than) 50.000 objects. Each of these objects including the archives themselves are passed through the rule engine.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

Regards

Alok Sarda

View solution in original post

2 Replies
aloksard
Employee
Employee
Report Inappropriate Content
Message 2 of 3

Re: Anti-malware maximum file size

Jump to solution

Hi,

Hope you are doing well.

There is no single file size limit for scanning, it differs based on filetype, but the larger the file, the more disk space you'll need and the more time to process.

 

MWG doesn’t include any artificial limitation. One of the limiting factor can be the size of /opt partition.

 

From a technical perspective, there is no limit to the size of files scanned ,That said, we do recommend a size limit in practice if you plan to perform malware scanning. This is because the time taken to scan files increases along with file size and complexity, and the chances of a client timeout increase accordingly. The default Gateway Anti-Malware rule set checks the Content-Length header in the original request or response, and will skip scanning if this exceeds 200 MB. It is possible to edit this rule to change or remove the size limit.

 

Also we have Gateway Anti-Malware With Optimization Rule Set  in our rule set library which can be used.

Gateway Anti-Malware With Optimization Rule Set from the Ruleset Library, download the latest version from:
https://contentsecurity.mcafee.com/ruleset_library

 

Gateway Anti-malware with Optimization  rule:-

This is a clone of the default "Gateway Anti-Malware" rule set that ships with the product, but it contains some options to reduce the amount of time required for filtering files. It automatically skips some duplicate checks and allows to specify a timeout on top, which automatically skips further calls to the Anti-Malware engines when the timeout is reached in order to improve end-user convenience. Please make sure you understand that skipping Anti-Malware engine calls may significantly impact the security of the product - please read the documentation to understand the impact. NOTE: The latest AV/GAM engine supports skipping archives whose objects are filtered on its own, so it is no longer required to skip such objects in the rule engine.

 

How McAfee Web Gateway Filtering Works:-


When a user wants to download a file the file is downloaded and processed by the Web Gateway. Every file(object) walks through the rule engine (your policy) several times in different cycles.
When the request is allowed Web Gateway starts to download the file from the server. The downloaded object is then passed through the rule engine in the “Response” cycle. If during the processing in the rule engine the“Composite Opener” is enabled and detects that the object can be extracted, all objects are extracted and an “Embedded Object” cycle is performed, which means that each extracted object runs through the rule engine again.
Even in an “Embedded Object” cycle the “Composite Opener” is called and may deeper extract objects, causing more “Embedded Object” cycle to be executed.


This is done for every object which can be extracted by McAfee Web Gateway. Very complex archives can have up to (or more than) 50.000 objects. Each of these objects including the archives themselves are passed through the rule engine.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

Regards

Alok Sarda

Re: Anti-malware maximum file size

Jump to solution

Thank you Alok, as always you have answered my question comprehensively.  I hadn't noticed the 200MB rule as I'd been looking at a customer ruleset where it had been removed!

Since this rule is included (albeit disabled) in the standard Anti-Malware ruleset, is 200MB a McAfee recommendation?

Many thanks again

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community