Hi jquadri,
ASM does not support scanning HTTP file uploads. In fact, as file uploads can typically be binary content, you're pretty much limited to validating the size of the upload. You can restrict what file extension is used by configuring a parameter for filename on the request with a regex to describe the parameter value. Something like this would perform a case insensitive check for .txt, .doc, .rtf and .pdf files: (?i)^[-a-z0-9._+ /\&]+\.(?:txt|doc|rtf|pdf)$
You could try to collect the HTTP payload for POST requests to pages which accept file uploads and use HTTP::retry to send the request to a scanning server and then to the pool, but you're limited to 4Mb of payload collection per TCP connection (
Click here). And it would probably add significant overhead.
You might be better off trying to perform the validation on the web or app server for now. F5 uses ClamAV for Firepass. Maybe you could open a case with F5 Support asking them to provide file upload validation locally.
Aaron