Virus protection
D-Link's DFL-1000 secure gateway solution adds anti-virus and anti-worm functionality to conventional
VPN and firewall technology. Virus and worm protection screens the information found in web traffic
(HTTP protocol) and email traffic (SMTP, POP3, and IMAP protocols) for the following types of target files:
•
Executable files (exe, bat, and com)
•
Visual basic files (vbs)
•
Compressed files (zip, gzip, tar, hta, and rar)
•
Screen saver files (scr)
•
Dynamic link libraries (dll)
•
MS Office files
You can configure DFL-1000 virus scanning to block target files (high level protection), to scan target files
for viruses (medium level protection), or to allow target files through (low level protection).
With high level protection turned on, the DFL-1000 identifies and removes all files and attachments from
content protocol data streams before they enter your internal network.
With medium level protection turned on, the DFL-1000 virus scanning engine scans all target files for
viruses. You can configure the virus scanning engine to perform up to four different virus scans on each
target file.
With low level protection turned on, DFL-1000 virus protection is temporarily suspended. All target files
are forwarded directly to their destinations.
With worm protection turned on, the DFL-1000 checks HTTP requests by scanning their originating web
page for known worm patterns. To scan email attachments for worms, the DFL-1000 looks for filenames
known to be used by worms.
If the DFL-1000 detects a virus or worm in a file, the file is deleted from the data stream and replaced with
an alert message. DFL-1000 content virus and worm prevention is transparent to the end user. Client and
server programs require no special configuration and D-Link high performance hardware and software
ensure there are no noticeable download delays.
This chapter describes:
•
Virus and worm protection for your internal network
•
Virus and worm protection for incoming connections
•
Updating your antivirus database
•
Displaying virus and worm lists
Virus protection is available in NAT mode but not in Transparent mode.
Virus and worm protection for your internal network
You can configure virus protection to screen web traffic (HTTP protocol) and email traffic (SMTP, POP3,
and IMAP protocols) for viruses. You can configure high, medium, and low level protection for each of
these types of traffic.
Several configuration options are available for each level of virus protection. By changing the protection
level and the configuration options for each level, you can quickly and easily react to new virus threats
before your network becomes infected.
You can also configure worm protection to screen web and email traffic to prevent worms from infecting
your internal network.
This section describes:
DFL-1000 User’s Manual
70