6.4. Anti-Virus Scanning
6.4.1. Overview
The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads.
Files may be downloaded as part of a web-page in an HTTP transfer, in an FTP download, or
perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads
can have different intents ranging from programs that merely cause annoyance to more sinister aims
such as sending back passwords, credit card numbers and other sensitive information. The term
"Virus" can be used as a generic description for all forms of malicious code carried in files.
Combining with Client Anti-Virus Scanning
Unlike IDP, which is primarily directed at attacks against servers, Anti-Virus scanning is focused on
downloads by clients. NetDefendOS Anti-Virus is designed to be a complement to the standard
antivirus scanning normally carried out locally by specialized software installed on client
computers. IDP is not intended as a complete substitute for local scanning but rather as an extra
shield to boost client protection. Most importantly, it can act as a backup for when local client
antivirus scanning is not available.
Enabling Through ALGs
NetDefendOS Anti-Virus is enabled on a per ALG basis. It is available for file downloads
associated with the following ALGs and is enabled in the ALGs themselves:
•
The HTTP ALG
•
The FTP ALG
•
The POP3 ALG
•
The SMTP ALG
Note: Anti-Virus is not available on all NetDefend models
Anti-Virus scanning is only available on the D-Link NetDefend DFL-260, 260E, 860,
860E, 1660, 2560 and 2560G.
6.4.2. Implementation
Streaming
As a file transfer is streamed through the NetDefend Firewall, NetDefendOS will scan the data
stream for the presence of viruses if the Anti-Virus module is enabled. Since files are being
streamed and not being read completely into memory, a minimum amount of memory is required
and there is minimal effect on overall throughput.
Pattern Matching
The inspection process is based on pattern matching against a database of known virus patterns and
can determine, with a high degree of certainty, if a virus is in the process of being downloaded to a
user behind the NetDefend Firewall. Once a virus is recognized in the contents of a file, the
download can be terminated before it completes.
6.4. Anti-Virus Scanning
Chapter 6. Security Mechanisms
314
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...