
Anti-virus scanning, Overview, Implementation – Amer Networks E5Web GUI User Manual

Page 462


6.4. Anti-Virus Scanning

6.4.1. Overview

The cOS Core anti-virus module protects against malicious code carried in data passing through
the Clavister Security Gateway. The following can be scanned:

Any files downloaded. For example, files downloaded using HTTP transfer or FTP, or as an
attachment to email delivered via SMTP.

Scripts contained within webpages delivered via HTTP.

URLs contained within webpages delivered via HTTP.

Malicious code in downloads can have different intents ranging from programs that merely
cause annoyance to more sinister aims such as sending back passwords, credit card numbers and
other sensitive information. The term "Virus" can be used as a generic description for all forms of
malicious code carried in files.

Combining with Client Anti-Virus Scanning

Unlike IDP, which is primarily directed at attacks against servers, anti-virus scanning is focused on
downloads by clients. cOS Core anti-virus is designed to be a complement to the standard
anti-virus scanning normally carried out locally by specialized software installed on client
computers. It is not intended as a complete substitute for local scanning but rather as an extra
shield to boost client protection. Most importantly, it can act as a backup for when local client
anti-virus scanning is not available.

Enabling Through ALGs

cOS Core anti-virus is enabled for different types of traffic by enabling it in the related ALG
object. It is available for file downloads associated with the following ALGs:

The HTTP ALG

The FTP ALG

The POP3 ALG

The SMTP ALG

6.4.2. Implementation

Streaming

As a data transfer is streamed through the Clavister Security Gateway, cOS Core will scan the data
for the presence of viruses if the anti-virus module is enabled. Since data is being streamed and
not being read completely into memory, a minimum amount of memory is required and there is
minimal effect on overall throughput.
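
The streaming approach described above, as an added example (not from the manual and not cOS Core's own implementation): literal byte signatures are matched chunk by chunk while only the last longest-signature-minus-one bytes are buffered, so a pattern split across two chunks is still found. The signature names, byte strings, the `StreamScanner` class and the sample transfer are constructed for illustration.

```python
from typing import Dict, Iterable, Iterator, List, Tuple
# Constructed sample signatures (assumption): plain byte strings, not a real database.
SIGNATURES: Dict[str, bytes] = {
    "Test.Sample.A": b"EVIL-PAYLOAD-MARKER",
    "Test.Sample.B": b"\xde\xad\xbe\xef\x13\x37",
}

class StreamScanner:
    """Scans a byte stream chunk by chunk, buffering only a short tail."""
    def __init__(self, signatures: Dict[str, bytes]) -> None:
        if not signatures or any(not s for s in signatures.values()):
            raise ValueError("signatures must be non-empty byte strings")
        self.signatures = signatures
        # A match can straddle a chunk boundary by at most longest-1 bytes.
        self.keep = max(len(s) for s in signatures.values()) - 1
        self.tail = b""
        self.consumed = 0  # stream bytes seen before the current chunk

    def feed(self, chunk: bytes) -> List[Tuple[str, int]]:
        window = self.tail + chunk
        base = self.consumed - len(self.tail)  # stream offset of window[0]
        hits = []
        for name, sig in self.signatures.items():
            pos = window.find(sig)
            while pos != -1:
                # A match ending inside the old tail was reported last time.
                if pos + len(sig) > len(self.tail):
                    hits.append((name, base + pos))
                pos = window.find(sig, pos + 1)
        self.consumed += len(chunk)
        self.tail = window[-self.keep:] if self.keep else b""
        return sorted(hits, key=lambda h: h[1])

def chunked(data: bytes, size: int) -> Iterator[bytes]:
    for i in range(0, len(data), size):
        yield data[i:i + size]

def scan_stream(chunks: Iterable[bytes]) -> List[Tuple[str, int]]:
    scanner = StreamScanner(SIGNATURES)
    hits: List[Tuple[str, int]] = []
    for chunk in chunks:
        hits.extend(scanner.feed(chunk))
    return hits

# Constructed transfer: filler with both signatures embedded at known offsets.
SAMPLE = b"A" * 1000 + SIGNATURES["Test.Sample.A"] + b"B" * 500 + SIGNATURES["Test.Sample.B"] + b"C" * 10
if __name__ == "__main__":
    for size in (1, 7, 4096):
        print(size, scan_stream(chunked(SAMPLE, size)))
```

Memory use is bounded by the chunk size plus the retained tail, regardless of how large the transferred file is.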

Pattern Matching

The inspection process is based on pattern matching against a database of known virus patterns

Chapter 6: Security Mechanisms
