6.4.4. The Signature Database
SafeStream
NetDefendOS Anti-Virus scanning is implemented by D-Link using the "SafeStream" virus
signature database. The SafeStream database is created and maintained by Kaspersky, a company
which is a world leader in the field of virus detection. The database provides protection against
virtually all known virus threats including trojans, worms, backdoor exploits and others. The
database is also thoroughly tested to provide near zero false positives.
Database Updates
The SafeStream database is updated on a daily basis with new virus signatures. Older signatures are
seldom retired but instead are replaced with more generic signatures covering several viruses. The
local NetDefendOS copy of the SafeStream database should therefore be updated regularly. This
update service is enabled as part of the D-Link Anti-Virus subscription.
6.4.5. Subscribing to the D-Link Anti-Virus Service
The D-Link Anti-Virus feature is purchased as an additional component to the base D-Link license
and is bought in the form of a renewable subscription. An Anti-Virus subscription includes regular
updates of the Kaspersky SafeStream database during the subscription period with the signatures of
the latest virus threats.
6.4.6. Anti-Virus Options
When configuring Anti-Virus scanning in an ALG, the following parameters can be set:
1. General options
Mode
This must be one of:
i. Disabled - Anti-Virus is switched off.
ii. Audit - Scanning is active but logging is the only action.
iii. Protect - Anti-Virus is active. Suspect files are dropped and logged.
Fail mode behavior
If a virus scan fails for any reason then the transfer can be dropped or
allowed, with the event being logged. If this option is set to Allow then
a condition such as the virus database not being available or the
current license not being valid will not cause files to be dropped.
Instead, they will be allowed through and a log message will be
generated to indicate a failure has occurred.
2. Scan Exclude Option
Certain filetypes may be explicitly excluded from virus-scanning if that is desirable. This can
increase overall throughput if an excluded filetype is a type which is commonly encountered in a
particular scenario, such as image files in HTTP downloads.
NetDefendOS performs MIME content checking on all the filetypes listed in Appendix C, Verified
MIME filetypes to establish the file's true filetype and then look for that filetype in the excluded list.
If the file's type cannot be established from its contents (and this may happen with filetypes not
specified in Appendix C, Verified MIME filetypes) then the filetype in the file's name is used when
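
The options in 6.4.6, as an added example that is not part of the D-Link manual or NetDefendOS itself: a Python model of how Mode, Fail mode behavior and the Scan Exclude lookup combine into one allow/drop decision. The magic-number table, the scanner callables and the assumption that the filename fallback feeds the excluded-list lookup are constructed for illustration.

```python
from enum import Enum

class Mode(Enum):
    DISABLED = "Disabled"
    AUDIT = "Audit"
    PROTECT = "Protect"

# Constructed stand-in for the Appendix C list: a few well-known magic numbers.
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png",
         b"MZ": "exe", b"PK\x03\x04": "zip"}

def true_filetype(data):
    """Filetype established from the file's contents, or None if unknown."""
    for magic, ftype in MAGIC.items():
        if data.startswith(magic):
            return ftype
    return None

def name_filetype(filename):
    """Filetype taken from the extension in the file's name, or None."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else None

def decide(filename, data, mode, fail_allow, excluded, scanner):
    """Return (action, log_reason); scanner is a hypothetical callable."""
    if mode is Mode.DISABLED:
        return ("allow", "anti-virus disabled")
    # Content check first; the filename is only a fallback (assumed lookup order).
    ftype = true_filetype(data) or name_filetype(filename)
    if ftype in excluded:
        return ("allow", f"{ftype} excluded from scanning")
    try:
        infected = scanner(data)
    except RuntimeError as exc:
        # Fail mode behavior: the failure is logged whichever way it is set.
        return ("allow" if fail_allow else "drop", f"scan failed: {exc}")
    if not infected:
        return ("allow", "clean")
    # Audit only logs; Protect drops and logs.
    return ("allow", "virus logged") if mode is Mode.AUDIT else ("drop", "virus logged")

def sample_scanner(data):
    """Constructed scanner: flags a made-up marker, not a real signature."""
    return b"CONSTRUCTED-TEST-MARKER" in data

def broken_scanner(data):
    """Constructed failure, e.g. the signature database is unavailable."""
    raise RuntimeError("signature database unavailable")
```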
Chapter 6. Security Mechanisms