the excluded list is checked.
3. Compression Ratio Limit
When scanning compressed files, NetDefendOS must apply decompression to examine the file's
contents. Some types of data can result in very high compression ratios where the compressed file is
a small fraction of the original uncompressed file size. This can mean that a comparatively small
compressed file attachment might need to be uncompressed into a much larger file which can place
an excessive load on NetDefendOS resources and noticeably slowdown throughput.
To prevent this situation, the administrator should specify a Compression Ratio limit. If the limit of
the ration is specified as 10 then this will mean that if the uncompressed file is 10 times larger than
the compressed file, the specified Action should be taken. The Action can be one of:
•
Allow - The file is allowed through without virus scanning
•
Scan - Scan the file for viruses as normal
•
Drop - Drop the file
In all three of the above cases the event is logged.
Verifying the MIME Type
The ALG File Integrity options can be utilized with Anti-Virus scanning to check that the file's
contents matches the MIME type it claims to be.
The MIME type identifies a file's type. For instance a file might be identified as being of type .gif
and therefore should contain image data of that type. Some viruses can try to hide inside files by
using a misleading file type. A file might pretend to be a .gif file but the file's data will not match
that type's data pattern because it is infected with a virus.
Enabling of this function is recommended to make sure this form of attack cannot allow a virus to
get through. The possible MIME types that can be checked are listed in Appendix C, Verified MIME
filetypes.
Setting the Correct System Time
It is important that a NetDefendOS has the correct system time set if the auto-update feature in the
Anti-Virus module can function correctly. An incorrect time can mean the auto-updating is disabled.
The console command
gw-world:/> updatecenter -status
will show the current status of the auto-update feature. This can also be done through the WebUI.
Updating in High Availability Clusters
Updating the Anti-Virus databases for both the NetDefend Firewalls in an HA Cluster is performed
automatically by NetDefendOS. In a cluster there is always an active unit and an inactive unit. Only
the active unit in the cluster will perform regular checking for new database updates. If a new
database update becomes available the sequence of events will be as follows:
1.
The active unit determines there is a new update and downloads the required files for the
update.
2.
The active unit performs an automatic reconfiguration to update its database.
6.4.6. Anti-Virus Options
Chapter 6. Security Mechanisms
317
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...