ZyXEL Communications ZyWALL 1000 28.2.2Notes About the ZyWALL Anti-Virus

Chapter 28 Anti-Virus

Figure 313 ZyWALL Anti-virus Example

The following describes the virus scanning process on the ZyWALL.

1The ZyWALL first identifies SMTP, POP3, IMAP4, HTTP and FTP packets through standard ports.

2If the packets are not session connection setup packets (such as SYN, ACK and FIN), the ZyWALL records the sequence of the packets.

3The scanning engine checks the contents of the packets for virus.

4If a virus pattern is matched, the ZyWALL removes the infected portion of the file along with the rest of the file. The un-infected portion of the file before a virus pattern was matched still goes through.

5If the send alert message function is enabled, the ZyWALL sends an alert to the file’s intended destination computer(s).

"Since the ZyWALL erases the infected portion of the file before sending it, you may not be able to open the file.

The following lists important notes about the anti-virus scanner:

1When a virus is detected, an alert message is displayed in Microsoft Windows computers.4

2The ZyWALL does not scan the following file/traffic types:

•Simultaneous downloads of a file using multiple connections. For example, when you use FlashGet to download sections of a file simultaneously.

4.Refer to Appendix D on page 707 if your Windows computer does not display the alert messages.