Chapter 15 Anti-Virus Screens
ZyWALL 5/35/70 Series User’s Guide
15.1.2 What You Need to Know About Antivirus
Virus
A computer virus is a small program designed to corrupt and/or alter the operation of other
legitimate programs. A worm is a self-replicating virus that resides in active memory and
duplicates itself. The effect of a virus attack varies from doing so little damage that you are
unaware your computer is infected to wiping out the entire contents of a hard drive to
rendering your computer inoperable.
Signature
This is the pattern of code used by a particular virus. The virus-scanner compares files with a
database of signatures to identify possible viruses.
The ZyWALL Anti-Virus Scanner
The ZyWALL checks traffic going in the direction(s) you specify for signature matches.
You can set the ZyWALL to examine files received through the following protocols:
• FTP (File Transfer Protocol)
• HTTP (Hyper Text Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• POP3 (Post Office Protocol version 3)
The following describes the virus scanning process on the ZyWALL.
1 The ZyWALL first identifies SMTP, POP3, HTTP and FTP packets through standard
ports.
2 If the packets are not session connection setup packets (such as SYN, ACK and FIN), the
ZyWALL records the sequence of the packets.
3 The scanning engine checks the contents of the packets for viruses.
4 If a virus pattern is matched, the ZyWALL “destroys” the file by removing the infected
portion of the file.
5 If the send alert message function is enabled, the ZyWALL sends an alert to the file’s
intended destination computer(s).
Note: Since the ZyWALL erases the infected portion of the file before sending it, you
may not be able to open the file.
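The five steps above can be followed in a small simulation. This is an added illustration, not ZyWALL firmware or vendor code: the `Packet` type, the signature name and pattern, and the choice to blank matched bytes with zeros are assumptions, and the sample packets are constructed.

```python
from dataclasses import dataclass

# Standard ports the scan is keyed on (step 1).
SCANNED_PORTS = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3"}
# Constructed placeholder, not a real virus signature.
SIGNATURES = {"Demo.Constructed.A": b"CONSTRUCTED-DEMO-SIGNATURE"}

@dataclass
class Packet:
    port: int       # server-side port of the connection
    seq: int        # offset of payload in the stream (simplified sequence number)
    payload: bytes  # empty for setup/teardown packets such as SYN, ACK, FIN

def scan_stream(packets, alert_enabled=True):
    """Return (bytes delivered to the destination, alert messages)."""
    # Step 2: skip setup packets and put the data packets back in sequence.
    data = sorted((p for p in packets if p.payload), key=lambda p: p.seq)
    stream = bytearray(b"".join(p.payload for p in data))
    if not data or data[0].port not in SCANNED_PORTS:
        return bytes(stream), []  # not a scanned protocol: passed through
    proto, alerts = SCANNED_PORTS[data[0].port], []
    for name, pattern in SIGNATURES.items():  # step 3: compare with signatures
        pos = stream.find(pattern)
        while pos != -1:
            # Step 4: blank the matched bytes (assumed removal method).
            stream[pos:pos + len(pattern)] = b"\x00" * len(pattern)
            if alert_enabled:  # step 5: alert for the destination computer
                alerts.append(f"{proto}: {name} removed at offset {pos}")
            pos = stream.find(pattern, pos + len(pattern))
    return bytes(stream), alerts

# Constructed sample: one HTTP download whose packets arrive out of order,
# with the pattern split across two packets.
FILE = b"HEADER--" + SIGNATURES["Demo.Constructed.A"] + b"--TRAILER"
SAMPLE = [
    Packet(80, 0, b""),          # connection setup, carries no file content
    Packet(80, 20, FILE[20:]),   # second half of the file arrives first
    Packet(80, 0, FILE[:20]),
]

if __name__ == "__main__":
    delivered, alerts = scan_stream(SAMPLE)
    print(delivered)
    print(alerts)
```

Neither data packet contains the whole pattern on its own, so the match depends on the recorded packet sequence. The delivered file keeps its length but loses the matched region, which is why the recipient may be unable to open it.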
The following lists important notes about the anti-virus scanner:
1 The ZyWALL anti-virus scanner cannot detect polymorphic viruses.
2 When a virus is detected, an alert message is displayed in Microsoft Windows
computers (for Windows 98/Me, refer to Appendix D on page 801 for requirements).
3 The ZyWALL does not scan the following file/traffic types: