1 how the zywall anti-virus scanner works, 2 notes about the zywall anti-virus, Figure 142 zywall anti-virus example – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

Chapter 14 Anti-Virus

273

14.2.1 How the ZyWALL Anti-Virus Scanner Works

The ZyWALL checks traffic going in the direction(s) you specify for signature matches.

In the following figure the ZyWALL is set to check traffic coming from either WAN port to
the LAN.

Figure 142 ZyWALL Anti-virus Example

The following describes the virus scanning process on the ZyWALL.

1 The ZyWALL first identifies SMTP, POP3, HTTP and FTP packets through standard

ports.

2 If the packets are not session connection setup packets (such as SYN, ACK and FIN), the

ZyWALL records the sequence of the packets.

3 The scanning engine checks the contents of the packets for virus.

4 If a virus pattern is matched, the ZyWALL “destroys” the file by removing the infected

portion of the file.

5 If the send alert message function is enabled, the ZyWALL sends an alert to the file’s

indented destination computer(s).

Note: Since the ZyWALL erases the infected portion of the file before sending it, you

may not be able to open the file.

14.2.2 Notes About the ZyWALL Anti-Virus

To use the anti-virus scanner on the ZyWALL, you need to insert the ZyWALL Turbo Card
into the rear panel slot of the ZyWALL. See the ZyWALL Turbo Card guide for details.