beautypg.com

Activating anti-virus scanning, The signature database, Subscribing to the d-link anti-virus service – D-Link DFL-2500 User Manual

Page 184: Anti-virus options

background image

D-Link Firewall. However, the available free memory can place a limit on the number of concurrent
scans that can be initiated. The administrator can increase the default amount of free memory
available to Anti-Virus scanning through changing the AVSE_MAXMEMORY advanced setting.
This setting specifies what percentage of total memory is to be used for Anti-Virus scanning.

Protocol Specific Behaviour

Since Anti-Virus scanning is implemented through an Application Level Gateway (ALG), specific
protocol specific features are implemented in NetDefendOS. With FTP, for example, scanning is
aware of the dual control and data transfer channels that are opened and can send a request via the
control connection to stop a download if a virus in the download is detected.

6.4.3. Activating Anti-Virus Scanning

Association with an ALG

Activation of Anti-Virus scanning is achieved through an Application Layer Gateway (ALG)
associated with the targeted protocol. An HTTP ALG object should first be created with Anti-Virus
enabled. The ALG must then be associated with the appropriate Service object for the protocol to be
scanned. This Service object is then associated with a rule in the IP rule set which defines the origin
and destination of the traffic to which the ALG is to be applied.

Creating Anti-Virus Policies

Since IP rule set rules are the means by which the Anti-Virus feature is deployed, the deployment
can be policy based. IP rules can specify that the ALG and its associated Anti-Virus scanning can
apply to traffic going in a given direction and between specific source and destination IP addresses
and/or networks. Scheduling can also be applied to virus scanning so that it takes place only at
specific times.

6.4.4. The Signature Database

SafeStream

NetDefendOS Anti-Virus scanning is implemented by D-Link using the "SafeStream" virus
signature database. The SafeStream database is created and maintained by Kaspersky, a company
which is a world leader in the field of virus detection. The database provides protection against
virtually all known virus threats including trojans, worms, backdoor exploits and others. The
database is also thoroughly tested to provide near zero false positives.

Database Updates

The SafeStream database is updated on a daily basis with new virus signatures. Older signatures are
seldom retired but instead are replaced with more generic signatures covering several viruses. The
local NetDefendOS copy of the SafeStream database should therefore be updated regularly and this
updating service is enabled as part of the subscription to the D-Link Anti-Virus subscription.

6.4.5. Subscribing to the D-Link Anti-Virus Service

The D-Link Anti-Virus feature is purchased as an additional component to the base D-Link license
and is bought in the form of a renewable subscription. An Anti-Virus subscription includes regular
updates of the Kaspersky SafeStream database during the subscription period with the signatures of
the latest virus threats.

To subscribe to the Anti-Virus service please refer to the details described in Appendix A,
Subscribing to Security Updates.

6.4.6. Anti-Virus Options

When configuring Anti-Virus scanning in an ALG, the following parameters can be set:

6.4.3. Activating Anti-Virus Scanning

Chapter 6. Security Mechanisms

184