User Guide
191
15
Gateway AntiVirus and Intrusion
Prevention Service
There are many methods to attack computers on the Internet. The two primary categories of attack are
viruses and intrusions. Viruses, including worms and trojans, are malicious computer programs that
self-replicate and put copies of themselves into other executable code or documents on your com-
puter. When a computer is infected, the virus can destroy files or record key strokes. An intrusion is
when someone launches a direct attack on your computer. Usually the attack exploits a vulnerability in
an application. These attacks are created to cause damage to your network, get sensitive information,
or use your computers to attack other networks.
To help protect your network from viruses and intrusions, you can purchase the optional Gateway Anti-
Virus/Intrusion Prevention Service (Gateway AV/IPS) for the Firebox® X Edge e-Series to identify and
prevent attacks. The Intrusion Prevention Service and the Gateway AntiVirus Service operate with the
SMTP, POP3, HTTP, and FTP proxies. When a new attack is identified, the features that make the virus or
intrusion attack unique are recorded. These recorded features are known as the signature. Gateway
AV/IPS uses these signatures to find viruses and intrusion attacks when they are scanned by the proxy.
You must purchase the Gateway AV/IPS upgrade to use these services. For more information, visit the
WatchGuard LiveSecurity® web site at
http://www.watchguard.com/store
or contact your WatchGuard
reseller.
WatchGuard cannot guarantee that Gateway AV/IPS can stop all viruses or intrusions, or prevent dam-
age to your systems or networks from a virus or intrusion attack.
Understanding Gateway AntiVirus Settings
The Gateway AntiVirus Service works together with the SMTP, POP3, HTTP, and FTP proxies. If you have
not enabled these proxies they are automatically enabled with a default configuration when you
enable Gateway AV for that protocol.
•
If you enable Gateway AntiVirus with the POP3 or SMTP proxy, it finds viruses encoded with
frequently used email attachment methods. If a virus is found, the attachment is removed.
Gateway AntiVirus scans all emails with base64, binary, 7-bit, and 8-bit encoding and all
uuencoded email. Gateway AntiVirus blocks email that uses binhex encoding.
•
If you enable Gateway AntiVirus with the HTTP proxy, it finds viruses in content that users try to
download with HTTP, such as web pages. If a virus is found, the user’s connection is dropped. The
user sees the custom deny message you set with your HTTP proxy configuration.
Содержание Firebox X20E
Страница 20: ...The Firebox X Edge and Your Network 8 Firebox X Edge e Series...
Страница 32: ...Using the Quick Setup Wizard 20 Firebox X Edge e Series...
Страница 64: ...Viewing the Configuration File 52 Firebox X Edge e Series...
Страница 92: ...Configuring BIDS 80 Firebox X Edge e Series...
Страница 102: ...Configuring the Wireless Card on Your Computer 90 Firebox X Edge e Series...
Страница 114: ...Configuring Policies for the Optional Network 102 Firebox X Edge e Series...
Страница 138: ...Using Additional Services for Proxies 126 Firebox X Edge e Series...
Страница 158: ...Working with Firewall NAT 146 Firebox X Edge e Series...
Страница 166: ...Using Certificates on the Firebox X Edge 154 Firebox X Edge e Series...
Страница 208: ...Updating Gateway AV IPS 196 Firebox X Edge e Series...
Страница 220: ...Frequently Asked Questions 208 Firebox X Edge e Series...
Страница 302: ...Limited Hardware Warranty 290 Firebox X Edge e Series...
Страница 310: ...298 Firebox X Edge e Series...