ZyWALL 5/35/70 Series User’s Guide

14.2.1 How the ZyWALL Anti-Virus Scanner Works

The ZyWALL checks traffic going to the interface(s) you specify for signature matches.

Figure 121 ZyWALL Anti-virus Example

The following describes the virus scanning process on the ZyWALL.

1The ZyWALL first identifies SMTP, POP3, HTTP and FTP packets through standard ports.

2If the packets are not session connection setup packets (such as SYN, ACK and FIN), the ZyWALL records the sequence of the packets.

3The scanning engine checks the contents of the packets for virus.

4If a virus pattern is matched, the ZyWALL “destroys” the file by removing the infected portion of the file.

5If the send alert message function is enabled, the ZyWALL sends an alert to the file’s indented destination computer(s).

Note: Since the ZyWALL erases the infected portion of the file before sending it, you may not be able to open the file.

14.2.2 Notes About the ZyWALL Anti-Virus

To use the anti-virus scanner on the ZyWALL, you need to insert the ZyWALL Turbo Card into the rear panel slot of the ZyWALL. See the ZyWALL Turbo Card guide for details.

Note: The ZyWALL has no wireless capability when the ZyWALL Turbo Card is in place.

The ZyWALL Turbo Card does not have a MAC address.

The following lists important notes about the anti-virus scanner:

Chapter 14 Anti-Virus

256