D-Link DFL-800-AV-12 User Manual - Page 185
General options, File Type Blocking/Allowing, Scan Exclude Option, Compression Ratio Limit
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 185 highlights
6.4.6. Anti-Virus Options Chapter 6. Security Mechanisms 1. General options Mode Fail mode behaviour This must be one of: A. Enabled which means Anti-Virus is active. B. Audit which means it is active but logging will be the only action. If a virus scan fails for any reason then the transfer can be dropped or allowed, with the event being logged. 2. File Type Blocking/Allowing Action When a particular download file type is encountered, the administrator can explicitly state if the file is to be allowed or blocked as a download. File types The file type to be blocked or allowed can be added into the list. For example "GIF" could be added. If a filetype is on the allowed list then it should be noted that MIME matching will still take place even if MIME matching is switched off (providing the filetype is part of the list in Appendix C, Checked MIME filetypes). This is done to guard against an attack that tries to exploit the fact the filetype is on the allowed list. 3. Scan Exclude Option Certain filetypes may be explicitly excluded from virus-scanning if that is desirable. This can increase overall throughput if an excluded filetype is a type which is commonly encountered in a particular scenario. 4. Compression Ratio Limit When scanning compressed files, NetDefendOS must apply decompression to examine the file's contents. Some types of data can result in very high compression ratios where the compressed file is a small fraction of the original uncompressed file size. This can mean that a comparatively small compressed file attachment might need to be uncompressed into a much larger file which can place an excessive load on NetDefendOS resources and noticeably slowdown throughput. To prevent this situation, the administrator should specify a Compression Ratio limit. If the limit of the ration is specified as 10 then this will mean that if the uncompressed file is 10 times larger than the compressed file, the specified Action should be taken. The Action can be one of: • Allow - The file is allowed through without virus scanning • Scan - Scan the file for viruses as normal • Drop - Drop the file In all three of the above cases the event is logged. Verifying the MIME Type The ALG File Integrity options can be utilized with Anti-Virus scanning to check that the file's contents matches the MIME type it claims to be The MIME type identifies a file's type. For instance a file might be identified as being of type .gif and therefore should contain image data of that type. Some viruses can try to hide inside files by using a misleading file type. A file might pretend to be a .gif file but the file's data will not match that type's data pattern because it is infected with a virus. 185