Sending large files for AV scanning can affect the performance of ProxySG and CAS server. Best practice is to bypass scanning big files based on the file size.

To configure the ProxySG to not send files larger than (in this example) 100MB to the CAS:

1. Ensure that you have already configured ICAP scanning in the Visual Policy Manager (VPM).
2. Add the following code to your proxy’s Local Policy file:

<cache>
      response.header.Content-Length="^[0-9]{9,12}$"  response.icap_service(no)

This code, Content Policy Language statement,  instructs the ProxySG to look at the Content-Length header field of the HTTP response. If the length of this character string has between 9 and 12 digits (i.e. the length is between 100,000,000 to 999,999,999,999 bytes) then the file will not be passed to the CAS for scanning. So files of at least 100MB in size will not be scanned.

For greater flexibility in determining the minimum and maximum file sizes to not scan, refer to the article How to allow or deny certain download file size limits which is having some more examples.

Note:  This statement applies only to HTTP-based file transfers.

Alternatively, you can configure the CAS appliance to not scan files that are considered to be too large. However, when you configure the do not scan rule on the CAS appliance, the ProxySG will continue to transfer files to the CAS before the CAS looks up the rule to not scan the content. Therefore, implementing the code shown in the example above is a better way to manage large files that do not need AV scanning.