ZyXEL Communications ZyWALL 1000 28.2Introduction to the ZyWALL Anti-VirusScanner, 28.1.3Types of Anti-VirusScanner, 28.2.1How the ZyWALL Anti-VirusScanner Works

Chapter 28 Anti-Virus

4Once the virus is spread through the network, the number of infected networked computers can grow exponentially.

28.1.3Types of Anti-Virus Scanner

The section describes two types of anti-virus scanner: host-based and network-based.

A host-based anti-virus (HAV) scanner is often software installed on computers and/or servers in the network. It inspects files for virus patterns as they are moved in and out of the hard drive. However, host-based anti-virus scanners cannot eliminate all viruses for a number of reasons:

•HAV scanners are slow in stopping virus threats through real-time traffic (such as from the Internet).

•HAV scanners may reduce computing performance as they also share the resources (such as CPU time) on the computer for file inspection.

•You have to update the virus signatures and/or perform virus scans on all computers in the network regularly.

A network-based anti-virus (NAV) scanner is often deployed as a dedicated security device (such as your ZyWALL) on the network edge. NAV scanners inspect real-time data traffic (such as E-mail messages or web) that tends to bypass HAV scanners. The following lists some of the benefits of NAV scanners.

•NAV scanners stops virus threats at the network edge before they enter or exit a network.

•NAV scanners reduce computing loading on computers as the read-time data traffic inspection is done on a dedicated security device.

28.2Introduction to the ZyWALL Anti-Virus Scanner

The ZyWALL has a built-in signature database. Setting up the ZyWALL between your local network and the Internet allows the ZyWALL to scan files transmitting through the enabled interfaces into your network. As a network-based anti-virus scanner, the ZyWALL helps stop threats at the network edge before they reach the local host computers.

You can set the ZyWALL to examine files received through the following protocols:

•FTP (File Transfer Protocol)

•HTTP (Hyper Text Transfer Protocol)

•SMTP (Simple Mail Transfer Protocol)

•POP3 (Post Office Protocol version 3)

•IMAP4 (Internet Message Access Protocol version 4)

28.2.1How the ZyWALL Anti-Virus Scanner Works

The ZyWALL checks traffic going in the direction(s) you specify for signature matches.

In the following figure the ZyWALL is set to check traffic coming from the WAN zone (which includes two interfaces) to the LAN zone.