D-Link DFL-2500 User Manual

1. General options

Mode

This must be one of:
A. Enabled which means Anti-Virus is active.
B. Audit which means it is active but logging will be the only action.

Fail mode behaviour

If a virus scan fails for any reason then the transfer can be dropped or
allowed, with the event being logged.

2. File Type Blocking/Allowing

Action

When a particular download file type is encountered, the administrator can
explicitly state if the file is to be allowed or blocked as a download.

File types

The file type to be blocked or allowed can be added into the list. For example
"GIF" could be added.

If a filetype is on the allowed list then it should be noted that MIME matching will still take place
even if MIME matching is switched off (providing the filetype is part of the list in Appendix C,
Checked MIME filetypes). This is done to guard against an attack that tries to exploit the fact the
filetype is on the allowed list.

3. Scan Exclude Option

Certain filetypes may be explicitly excluded from virus-scanning if that is desirable. This can
increase overall throughput if an excluded filetype is a type which is commonly encountered in a
particular scenario.

4. Compression Ratio Limit

When scanning compressed files, NetDefendOS must apply decompression to examine the file's
contents. Some types of data can result in very high compression ratios where the compressed file is
a small fraction of the original uncompressed file size. This can mean that a comparatively small
compressed file attachment might need to be uncompressed into a much larger file which can place
an excessive load on NetDefendOS resources and noticeably slowdown throughput.

To prevent this situation, the administrator should specify a Compression Ratio limit. If the limit of
the ration is specified as 10 then this will mean that if the uncompressed file is 10 times larger than
the compressed file, the specified Action should be taken. The Action can be one of:

•

Allow - The file is allowed through without virus scanning

•

Scan - Scan the file for viruses as normal

•

Drop - Drop the file

In all three of the above cases the event is logged.

Verifying the MIME Type

The ALG File Integrity options can be utilized with Anti-Virus scanning to check that the file's
contents matches the MIME type it claims to be

The MIME type identifies a file's type. For instance a file might be identified as being of type .gif
and therefore should contain image data of that type. Some viruses can try to hide inside files by
using a misleading file type. A file might pretend to be a .gif file but the file's data will not match
that type's data pattern because it is infected with a virus.

6.4.6. Anti-Virus Options

Chapter 6. Security Mechanisms

185