D-Link DFL-1660 Product Manual - Page 309
Anti-Virus Scanning, 6.4.1. Overview, 6.4.2. Implementation
UPC - 790069334290
View all D-Link DFL-1660 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 309 highlights
6.4. Anti-Virus Scanning Chapter 6. Security Mechanisms 6.4. Anti-Virus Scanning 6.4.1. Overview The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads. Files may be downloaded as part of a web-page in an HTTP transfer, in an FTP download, or perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads can have different intents ranging from programs that merely cause annoyance to more sinister aims such as sending back passwords, credit card numbers and other sensitive information. The term "Virus" can be used as a generic description for all forms of malicious code carried in files. Combining with Client Anti-Virus Scanning Unlike IDP, which is primarily directed at attacks against servers, Anti-Virus scanning is focused on downloads by clients. NetDefendOS Anti-Virus is designed to be a complement to the standard antivirus scanning normally carried out locally by specialized software installed on client computers. IDP is not intended as a complete substitute for local scanning but rather as an extra shield to boost client protection. Most importantly, it can act as a backup for when local client antivirus scanning is not available. Enabling Through ALGs NetDefendOS Anti-Virus is enabled on a per ALG basis. It is available for file downloads associated with the following ALGs and is enabled in the ALGs themselves: • The HTTP ALG • The FTP ALG • The POP3 ALG • The SMTP ALG Note: Anti-Virus is not available on all NetDefend models Anti-Virus scanning is available only on the D-Link NetDefend DFL-260, 860, 1660, 2560 and 2560G. 6.4.2. Implementation Streaming As a file transfer is streamed through the NetDefend Firewall, NetDefendOS will scan the data stream for the presence of viruses if the Anti-Virus module is enabled. Since files are being streamed and not being read completely into memory, a minimum amount of memory is required and there is minimal effect on overall throughput. Pattern Matching The inspection process is based on pattern matching against a database of known virus patterns and can determine, with a high degree of certainty, if a virus is in the process of being downloaded to a user behind the NetDefend Firewall. Once a virus is recognized in the contents of a file, the download can be terminated before it completes. 309