SonicWALL Gateway Anti-Virus
SonicWALL Gateway Anti-Virus
This section provides an overview to the SonicWALL Gateway Anti-Virus. This section contains the following subsections:
•GAV Overview
•How Does GAV Work?
•Benefits
•SonicWALL Gateway Anti-Virus/Intrusion Prevention Features
•SonicWALL GAV Multi-Layered Approach
•SonicWALL GAV Architecture
GAV Overview
SonicWALL Gateway Anti-Virus (SonicWALL GAV) is part of the SonicWALL Gateway Anti-Virus/Intrusion Prevention Service solution that provides unified threat management. The integration of gateway anti-virus and intrusion prevention delivers intelligent, real-time network security protection against sophisticated application layer and content-based attacks. Utilizing a configurable, high-performance deep packet inspection architecture, SonicWALL Gateway Anti-Virus/Intrusion Prevention Service secures the network from the core to the perimeter against a comprehensive array of dynamic threats including viruses, worms, Trojans, and software vulnerabilities, such as buffer overflows, as well as peer-to-peer and instant messenger applications, backdoor exploits, and other malicious code.
How Does GAV Work?
SonicWALL GAV delivers real-time virus protection directly on the SonicWALL security appliance by using SonicWALL’s IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses the SonicWALL gateway. Building on SonicWALL’s reassembly-free architecture, SonicWALL GAV inspects multiple application protocols, as well as generic TCP streams, and compressed traffic.
Because SonicWALL GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis.
SonicWALL GAV delivers threat protection directly on the SonicWALL security appliance by matching downloaded or e-mailed files against an extensive and dynamically updated database of threat virus signatures. Virus attacks are caught and suppressed before they travel to desktops. New signatures are created and added to the database by a combination of SonicWALL’s SonicAlert Team, third-party virus analysts, open source developers and other sources.
Benefits
SonicWALL GAV can be configured to protect against internal threats as well as those originating outside the network. It operates over a multitude of protocols including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based protocols, to provide administrators with comprehensive network threat prevention and control.
Because files containing malicious code and viruses can also be compressed and therefore inaccessible to conventional anti-virus solutions, SonicWALL GAV integrates advanced decompression technology that automatically decompresses and scans files on a per packet basis.