Anti-virus scanning, Overview, Implementation – D-Link DFL-2500 User Manual

6.4. Anti-Virus Scanning

6.4.1. Overview

The NetDefendOS Anti-Virus module protects against malicious code carried in file downloads.
Files may be downloaded as part of a web-page in an HTTP transfer, in an FTP download, or
perhaps as an attachment to an email delivered through SMTP. Malicious code in such downloads
can have different intents ranging from programs that merely cause annoyance to more sinister aims
such as sending back passwords, credit card numbers and other sensitive information. The term
"Virus" can be used as a generic description for all forms of malicious code carried in files.

Combining with Client Anti-Virus Scanning

Unlike IDP, which is primarily directed at attacks against servers, Anti-Virus scanning is focussed
on downloads by clients. NetDefendOS Anti-Virus is designed to be a compliment to the standard
antivirus scanning normally carried out locally by specialised software installed on client computers.
IDP is not intended as a complete substitute for local scanning but rather as an extra shield to boost
client protection. Most importantly, it can act as a backup for when local client antivirus scanning is,
for some reason, not able to function.

NetDefendOS Anti-Virus is enabled via the HTTP Application Layer Gateway (see Section 6.2.2,
“HTTP”).

Anti-Virus Availability on D-Link Models

Anti-Virus scanning is available on the D-Link DFL-260 and DFL-860 only.

6.4.2. Implementation

Streaming

As a file transfer is streamed through a D-Link Firewall, NetDefendOS will scan the data stream for
the presence of viruses if the Anti-Virus module is enabled. Since files are being streamed and not
being read completely into memory, a minmum amount of memory is required and there is minimal
effect on overall throughput.

Pattern Matching

The inspection process is based on pattern matching against a database of known virus patterns and
can determine, with a high degree of certainty, if a virus is in the process of being downloaded to a
user behind a D-Link Firewall. Once a virus is recognized in the contents of a file, the download can
be terminated before it completes.

Types of Files Scanned

The NetDefendOS Anti-Virus module is able to scan the following types of downloads:

•

HTTP, FTP, TFTP, SMTP and POP3 file downloads

•

Any uncompressed file type transferred through these protocols

•

If the download has been compressed, ZIP and GZIP files can be scanned

The administrator has the option to always drop specific files as well as the option to specify a size
limit on scanned files. If no size limit is specified then there is no default upper limit on file sizes.

Simultaneous Scans

There is no fixed limit on how many Anti-Virus scans can take place simultaneously in a single

6.4. Anti-Virus Scanning

Chapter 6. Security Mechanisms

183