Kerio Tech Firewall6 manual Http and FTP scanning

Models: Firewall6


Chapter 11 Antivirus control

in WinRoute. To achieve this, disable antivirus check for SMTP protocol or define a corresponding traffic rule where no protocol inspector will be applied (see chapter 23.4).

11.3 HTTP and FTP scanning

As for HTTP and FTP traffic, objects (files) of selected types are scanned.

The file just transmitted is saved in a temporary file on the local disk of the firewall. WinRoute caches the last part of the transmitted file (segment of the data transferred) and performs an antivirus scan of the temporary file. If a virus is detected in the file, the last segment of the data is dropped. This means that the client receives an incomplete (damaged) file which cannot be executed, so the virus cannot be activated. If no virus is found, WinRoute sends the client the rest of the file and the transmission is completed successfully.

Optionally, a warning message about the detected virus can be sent to the user who tried to download the file (see the Notify user by email option).
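The hold-back behaviour described above can be modelled in a few lines. This is an added example, not WinRoute code: the function names, the `holdback` size and the constructed signature marker are all assumptions made for illustration.

```python
import os
import tempfile
from typing import Callable, Iterable, List, Tuple

# Constructed marker standing in for a real antivirus signature match.
SAMPLE_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"


def sample_scanner(path: str) -> bool:
    """Hypothetical scanner: True if the constructed marker is in the file."""
    with open(path, "rb") as fh:
        return SAMPLE_SIGNATURE in fh.read()


def relay_with_holdback(chunks: Iterable[bytes],
                        scan: Callable[[str], bool],
                        holdback: int = 1024) -> Tuple[bytes, bool]:
    """Relay a download, withholding the last `holdback` bytes until scanned.

    Returns (bytes delivered to the client, infected flag).
    """
    if holdback <= 0:
        raise ValueError("holdback must be positive")
    delivered: List[bytes] = []   # what the client has received so far
    tail = b""                    # segment cached by the gateway, not yet sent
    fd, tmp_path = tempfile.mkstemp(prefix="scan_")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                tmp.write(chunk)          # full copy goes to the temporary file
                tail += chunk
                if len(tail) > holdback:  # forward everything except the tail
                    delivered.append(tail[:-holdback])
                    tail = tail[-holdback:]
        infected = scan(tmp_path)         # scan only once the file is complete
    finally:
        os.remove(tmp_path)
    if not infected:
        delivered.append(tail)            # clean: release the cached segment
    return b"".join(delivered), infected  # infected: tail dropped, file truncated
```

In this model the bytes forwarded before the scan are not recalled, so the client's partial file can still contain the flagged content; the protection rests on the file being incomplete, and a file shorter than the held-back segment is withheld entirely.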

Warning:

1. The purpose of the antivirus check is only to detect infected files; it is not possible to heal them!

2. If the antivirus check is disabled in HTTP and FTP filtering rules, objects and files matching corresponding rules are not checked. For details, refer to chapters 10.2 and 10.6.

3. Full functionality of HTTP scanning is not guaranteed if any non-standard extensions to web browsers (e.g. download managers, accelerators, etc.) are used!

To set parameters of HTTP and FTP antivirus check, open the HTTP, FTP scanning tab in Configuration / Content Filtering / Antivirus.

Use the If a virus is found... entry to specify actions to be taken whenever a virus is detected in a transmitted file:

Move the file to quarantine — the file will be saved in a special directory on the WinRoute host. WinRoute administrators can later try to heal the file using an antivirus program and if the file is recovered successfully, the administrator can provide it to the user who attempted to download it.

The quarantine subdirectory under the WinRoute directory is used for the quarantine (the typical path is C:\Program Files\Kerio\WinRoute Firewall\quarantine).
