them for viruses:
Executable files (exe, bat, and com)
Visual basic files (vbs)
Compressed files (zip, gzip, tar, hta, and rar)
Screen saver files (scr)
Dynamic link libraries (dll)
MS Office files containing macros
If the virus scanner finds a virus, the file is deleted from the data stream and replaced with a
message informing the user that a virus was found and the file was deleted. To customize this
message, see
Block
Block deletes target files from the protocol data stream. By default selecting block causes the
DFL-500 to delete all target files. Configure file blocking by selecting Detail.
Detail
Select Detail to configure the file types to block. You can block any of the file types listed above.
·
Select OK to save your changes.
Sample antivirus configuration
Worm protection
When configured for worm protection, the virus scanning engine checks HTTP requests by scanning their
originating web page for known worm patterns. For example, Code Red attempts to gain entry to MS IIS
servers by trying to exploit a known buffer overflow bug in these servers.
To scan SMTP, POP3, and IMAP email attachments for worms, the virus scanning engine looks for filenames
known to be used by worms. For example, the Nimda worm uses files named readme.exe and sample.exe.
To configure worm protection, choose the connection type and then turn on worm protection. You can turn on
worm protection for the 2 connection types that correspond to the 2 firewall policy types.
Worm protection settings
From To
Description
Internal External
To protect users and servers installed on your internal network from downloading worms from the
Internet.
External Internal
To protect users and servers on the Internet from downloading worms from your internal network.
To configure worm protection:
·
Go to
Anti-Virus > Config
> Worm Protection.
·
Select Protection Status for each of the connection types to turn on worm protection for that connection
type.
DFL-500 User Manual
93