Chapter 29 Anti-Virus

29.1.2 What You Need to Know

Anti-Virus Engines

Subscribe to signature files for Kaspersky’s anti-virus engine. After the trial expires, you need to purchase an iCard for the anti-virus engine you want to use and register it in the Registration > Service screen. You must use the Kaspersky anti-virus iCard for the Kaspersky anti-virus engine. See Section 10.1 on page 209 for details.

Virus and Worm

A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a self-replicating virus that resides in active memory and duplicates itself. The effect of a virus attack varies from doing so little damage that you are unaware your computer is infected to wiping out the entire contents of a hard drive to rendering your computer inoperable.

ZyWALL Anti-Virus Scanner

The ZyWALL has a built-in signature database. Setting up the ZyWALL between your local network and the Internet allows the ZyWALL to scan files transmitting through the enabled interfaces into your network. As a network-based anti-virus scanner, the ZyWALL helps stop threats at the network edge before they reach the local host computers.

You can set the ZyWALL to examine files received through the following protocols:

FTP (File Transfer Protocol)

HTTP (Hyper Text Transfer Protocol)

SMTP (Simple Mail Transfer Protocol)

POP3 (Post Office Protocol version 3)

IMAP4 (Internet Message Access Protocol version 4)

How the ZyWALL Anti-Virus Scanner Works

The following describes the virus scanning process on the ZyWALL.

1The ZyWALL first identifies SMTP, POP3, IMAP4, HTTP and FTP packets through standard ports.

2If the packets are not session connection setup packets (such as SYN, ACK and FIN), the ZyWALL records the sequence of the packets.

464

 

ZyWALL USG 50 User’s Guide