Chapter 33 Anti-Virus

2. If the packets are not session connection setup packets (such as SYN, ACK and FIN), the ZyWALL records the sequence of the packets.

3. The scanning engine checks the contents of the packets for viruses.

4. If a virus pattern is matched, the ZyWALL removes the infected portion of the file along with the rest of the file. The un-infected portion of the file before a virus pattern was matched still goes through.

5. If the send alert message function is enabled, the ZyWALL sends an alert to the file’s intended destination computer(s).

Note: Since the ZyWALL erases the infected portion of the file before sending it, you may not be able to open the file.

Notes About the ZyWALL Anti-Virus

The following lists important notes about the anti-virus scanner:

1. The ZyWALL anti-virus scanner can detect polymorphic viruses.

2. When a virus is detected, an alert message is displayed in Microsoft Windows computers. Refer to Appendix C on page 963 if your Windows computer does not display the alert messages.

3. Changes to the ZyWALL’s anti-virus settings affect new sessions (not the sessions that already existed before you applied the changed settings).

4. The ZyWALL does not scan the following file/traffic types:

   • Simultaneous downloads of a file using multiple connections. For example, when you use FlashGet to download sections of a file simultaneously.

   • Encrypted traffic. This could be password-protected files or VPN traffic where the ZyWALL is not the endpoint (pass-through VPN traffic).

   • Traffic through custom (non-standard) ports. The only exception is FTP traffic. The ZyWALL scans whatever port number is specified for FTP in the ALG screen.

   • ZIP file(s) within a ZIP file.
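Two of the exclusions above, password-protected files and ZIP files within a ZIP file, can be checked on a host behind the gateway. The following is an added example, not ZyWALL code or part of the original guide: it lists the members of a ZIP archive that fall under those exclusions so they can be handed to an endpoint scanner. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"   # local file header signature
ENCRYPTED_BIT = 0x1          # general-purpose flag bit 0: member is encrypted


def unscanned_members(archive: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for entries the guide lists as not scanned."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_BIT:
                findings.append((info.filename, "password-protected"))
                continue  # contents cannot be read without the password
            with zf.open(info) as member:
                head = member.read(4)
            if head == ZIP_MAGIC:
                findings.append((info.filename, "ZIP within a ZIP"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a plain file, a nested ZIP, an entry flagged encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("report.txt", "inner file")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "plain file")
        zf.writestr("bundle.zip", inner.getvalue())
        zf.writestr("locked.doc", "placeholder bytes")
    data = bytearray(outer.getvalue())
    # Set flag bit 0 in the last central-directory record (locked.doc) so the
    # entry is listed as encrypted, as a password-protected member would be.
    record = data.rfind(b"PK\x01\x02")
    data[record + 8] |= ENCRYPTED_BIT
    return bytes(data)


if __name__ == "__main__":
    for name, reason in unscanned_members(build_sample()):
        print(f"{name}: {reason}")
```
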

Finding Out More

See Section 6.5.19 on page 112 for related information on these screens.

See Section 33.7 on page 561 for anti-virus background information.

 


ZyWALL USG 2000 User’s Guide