6.4. Anti-Virus Scanning
6.4.1. Overview
The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads.
Files may be downloaded as part of a web-page in an HTTP transfer, in an FTP download, or
perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads
can have different intents ranging from programs that merely cause annoyance to more sinister aims
such as sending back passwords, credit card numbers and other sensitive information. The term
"Virus" can be used as a generic description for all forms of malicious code carried in files.
Combining with Client Anti-Virus Scanning
Unlike IDP, which is primarily directed at attacks against servers, Anti-Virus scanning is focused on
downloads by clients. NetDefendOS Anti-Virus is designed to be a complement to the standard
antivirus scanning normally carried out locally by specialized software installed on client
computers. It is not intended as a complete substitute for local scanning but rather as an extra shield
to boost client protection. Most importantly, it can act as a backup for when local client antivirus
scanning is not available.
Enabling Through ALGs
NetDefendOS Anti-Virus is enabled for different types of traffic by enabling it in the the related
ALG object. It is available for file downloads associated with the following ALGs:
•
The HTTP ALG
•
The FTP ALG
•
The POP3 ALG
•
The SMTP ALG
6.4.2. Implementation
Streaming
As a file transfer is streamed through the NetDefend Firewall, NetDefendOS will scan the data
stream for the presence of viruses if the Anti-Virus module is enabled. Since files are being
streamed and not being read completely into memory, a minimum amount of memory is required
and there is minimal effect on overall throughput.
Pattern Matching
The inspection process is based on pattern matching against a database of known virus patterns and
can determine, with a high degree of certainty, if a virus is in the process of being downloaded to a
user behind the NetDefend Firewall. Once a virus is recognized in the contents of a file, the
download can be terminated before it completes.
Types of File Downloads Scanned
As described above, Anti-Virus scanning is enabled on a per ALG basis and can scan file downloads
associated with the HTTP, FTP, SMTP and POP3 ALGs. More specifically:
6.4. Anti-Virus Scanning
Chapter 6. Security Mechanisms
343
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...