Anti-virus options – Amer Networks E5Web GUI User Manual

3.

Select the TCP in the Type dropdown list

4.

Enter 80 in the Destination Port textbox

5.

Select the HTTP ALG just created in the ALG dropdown list

6.

Click OK

C. Finally, modify the NAT rule (called NATHttp in this example) to use the new service:

1.

Go to: Policies

2.

Select the NAT rule handling the traffic between lan_net and all-nets

3.

Click the Service tab

4.

Select the new service, http_anti_virus, in the predefined Service dropdown list

5.

Click OK

Anti-virus scanning is now activated for all web traffic from lan_net to all-nets.

6.4.4. Anti-Virus Options

When configuring anti-virus scanning in an ALG, the following parameters can be set:

1. General options

Mode

This must be one of:

i.

Disabled - Anti-virus is switched off.

ii.

Audit - Scanning is active but logging is the only action.

iii.

Protect - Anti-virus is active. Suspect files are dropped and
logged.

Fail mode behavior

If a virus scan fails for any reason then the transfer can be dropped
or allowed, with the event being logged. If this option is set to Allow
then a condition such as the virus database not being available or
the current license not being valid will not cause files to be dropped.
Instead, they will be allowed through and a log message will be
generated to indicate a failure has occurred.

2. Scan Exclude Option

Certain filetypes may be explicitly excluded from virus-scanning if that is desirable. This can
increase overall throughput if an excluded filetype is a type which is commonly encountered in a
particular scenario, such as image files in HTTP downloads.

cOS Core performs MIME content checking on all the filetypes listed in Appendix C, Verified MIME
filetypes to establish the file's true filetype and then look for that filetype in the excluded list. If
the file's type cannot be established from its contents (and this may happen with filetypes not

Chapter 6: Security Mechanisms

466