Troubleshooting Tip: FortiADC Security AntiVirus error logs and the related configuration variable limits

Prerequisite:

• FortiADC Security log is enabled for the Antivirus category.
• Server Load Balance virtual server should be in profile type L7-TCP, HTTP, HTTPS, or SMTP.

FortiADC Server Load Balance with Layer-7 TCP, HTTP, HTTPS, and SMTP profile supports the Antivirus security scans. The default Antivirus Profile has the compressed file size limit, nested compressed file limit, and the file size limit. Hitting the limit will trigger the error log in the Security Log for Antivirus. The error sample and the relative limit settings are listed as follows.

The default Antivirus-Profile is not editable, it is mandatory to clone or create a custom Antivirus Profile and include the Antivirus profile in the SLB Virtual Server.

1. Error message 'AV engine meet error: exceed archive decompress size limit'. This error is related to the 'Uncomp Size Limit' setting. The default value of Uncomp Size Limit is 2MB. The valid values range for the limit is from 1 to 2000MB.
   
   

2. Error message 'AV engine meet error: exceed archive nested limit, archive corrupted'. This error is related to the 'Uncomp Nest Limit' setting. The default value of Uncomp Nest Limit is 2. The valid values range for the limit is from 2 to 100.
   
   
   
   
3. Error message 'AV scan length oversize'. This error is related to the 'Oversize Limit' setting. The default value of the Oversize limit is 1024KB. The valid values range for the limit is from 1 to 12000000KB. For AntiVirus files larger than 1000KB, the device memory must be larger than 32GB to support the scan.
   
   
   AntiVirus Profile can be cloned or created in FortiADC -> Network Security -> AntiVirus.
   

Related document:

Creating an AV profile