D-Link DFL-800-AV-12 User Manual - Page 183
Anti-Virus Scanning, 6.4.1. Overview, 6.4.2. Implementation
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 183 highlights
6.4. Anti-Virus Scanning Chapter 6. Security Mechanisms 6.4. Anti-Virus Scanning 6.4.1. Overview The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads. Files may be downloaded as part of a web-page in an HTTP transfer, in an FTP download, or perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads can have different intents ranging from programs that merely cause annoyance to more sinister aims such as sending back passwords, credit card numbers and other sensitive information. The term "Virus" can be used as a generic description for all forms of malicious code carried in files. Combining with Client Anti-Virus Scanning Unlike IDP, which is primarily directed at attacks against servers, Anti-Virus scanning is focussed on downloads by clients. NetDefendOS Anti-Virus is designed to be a compliment to the standard antivirus scanning normally carried out locally by specialised software installed on client computers. IDP is not intended as a complete substitute for local scanning but rather as an extra shield to boost client protection. Most importantly, it can act as a backup for when local client antivirus scanning is, for some reason, not able to function. NetDefendOS Anti-Virus is enabled via the HTTP Application Layer Gateway (see Section 6.2.2, "HTTP"). Anti-Virus Availability on D-Link Models Anti-Virus scanning is available on the D-Link DFL-260 and DFL-860 only. 6.4.2. Implementation Streaming As a file transfer is streamed through a D-Link Firewall, NetDefendOS will scan the data stream for the presence of viruses if the Anti-Virus module is enabled. Since files are being streamed and not being read completely into memory, a minmum amount of memory is required and there is minimal effect on overall throughput. Pattern Matching The inspection process is based on pattern matching against a database of known virus patterns and can determine, with a high degree of certainty, if a virus is in the process of being downloaded to a user behind a D-Link Firewall. Once a virus is recognized in the contents of a file, the download can be terminated before it completes. Types of Files Scanned The NetDefendOS Anti-Virus module is able to scan the following types of downloads: • HTTP, FTP, TFTP, SMTP and POP3 file downloads • Any uncompressed file type transferred through these protocols • If the download has been compressed, ZIP and GZIP files can be scanned The administrator has the option to always drop specific files as well as the option to specify a size limit on scanned files. If no size limit is specified then there is no default upper limit on file sizes. Simultaneous Scans There is no fixed limit on how many Anti-Virus scans can take place simultaneously in a single 183