Chapter 39 Anti-Virus
ZyWALL USG Series User’s Guide
740
Anti-Virus Licensing
The Zyxel Device downloads signature sets after it is registered and the anti-virus license is activated at
myZyxel. A signature is a unique string of bits, or binary pattern, of a virus. A signature acts as a fingerprint
that can be used to detect and identify a specific virus. These signatures are periodically updated if you
have a valid license.
Having extensive, up-to-date signatures with the most common virus is critical to making the anti-virus
service work effectively. Section 8.2 on page 269 shows licensing information for the different signature
databases that can be used by the Zyxel Device.
After the anti-virus license expires, you need to purchase an iCard to update your local signature
database. Extend your license in the Registration > Service screen.
Anti-Virus Scan Process
1 Before going through the Anti-Virus file scan, the Zyxel Device first identifies the packets sent by the
following four major protocols with corresponding standard ports:
• FTP (File Transfer Protocol)
• HTTP (Hyper Text Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• POP3 (Post Office Protocol version 3)
The Zyxel Device records the order of packets in TCP connection-oriented sessions to check for
matching virus signatures. The order of non-setup packets such as SYN, ACK and FIN is ignored.
2 The Zyxel Device checks every packet of the file for matches with the local signature databases.
If a virus pattern signature is matched, the actions you specify for identified virus will be applied. If
Destroy infected file is enabled, the file will be modified. Logs/alerts will be sent according to your
settings.
Note: The receiver is not notified if a file is modified by the Zyxel Device. If the file cannot be
used, the receiver should contact the Zyxel Device administrator to confirm if the Zyxel
Device modified the file by checking the logs.
Notes About the Zyxel Device Anti-Virus
The following lists important notes about the Zyxel Device’s anti-virus feature:
1 Zyxel’s anti-virus feature can detect polymorphic virus (see Section 39.5 on page 749).
2 When a virus is detected, a log is created or an alert message is sent to the administrator depending on
your log settings.
3 Changes to the Zyxel Device’s anti-virus settings only affect new sessions, not sessions that already
existed before you applied the changed settings.
4 The Zyxel Device does not scan the following file/traffic types:
• Simultaneous downloads of a file using multiple connections. For example, when you use FlashGet
to download sections of a file simultaneously.
To Next Page
Loading...
