1 how the zywall anti-virus scanner works, 2 notes about the zywall anti-virus, Figure 121 zywall anti-virus example – ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0 User Manual

ZyWALL 5/35/70 Series User’s Guide

Chapter 14 Anti-Virus

256

14.2.1 How the ZyWALL Anti-Virus Scanner Works

The ZyWALL checks traffic going to the interface(s) you specify for signature matches.

Figure 121 ZyWALL Anti-virus Example

The following describes the virus scanning process on the ZyWALL.

1 The ZyWALL first identifies SMTP, POP3, HTTP and FTP packets through standard

ports.

2 If the packets are not session connection setup packets (such as SYN, ACK and FIN), the

ZyWALL records the sequence of the packets.

3 The scanning engine checks the contents of the packets for virus.

4 If a virus pattern is matched, the ZyWALL “destroys” the file by removing the infected

portion of the file.

5 If the send alert message function is enabled, the ZyWALL sends an alert to the file’s

indented destination computer(s).

Note: Since the ZyWALL erases the infected portion of the file before sending it, you

may not be able to open the file.

14.2.2 Notes About the ZyWALL Anti-Virus

To use the anti-virus scanner on the ZyWALL, you need to insert the ZyWALL Turbo Card
into the rear panel slot of the ZyWALL. See the ZyWALL Turbo Card guide for details.

Note: The ZyWALL has no wireless capability when the ZyWALL Turbo Card is in

place.

The ZyWALL Turbo Card does not have a MAC address.

The following lists important notes about the anti-virus scanner: