Antivirus control, Conditions and limitations of antivirus scan, Chapter 13 – Kerio Tech Firewall6 User Manual

Page 176: 1 conditions and limitations of antivirus scan

Advertising
background image

176

Chapter 13

Antivirus control

WinRoute provides antivirus check of objects (files) transmitted by HTTP, FTP, SMTP and POP3

protocols. In case of HTTP and FTP protocols, the WinRoute administrator can specify which

types of objects will be scanned.

WinRoute is also distributed in a special version which includes integrated McAfee antivirus.

Besides the integrated antivirus, WinRoute supports several antivirus programs developed by

various companies, such as Eset Software, Grisoft, F-Secure, etc.). Antivirus licenses must meet

the license policy of a corresponding company (usually, the license is limited by the same or

higher number of users as WinRoute is licensed for, or a server license).

Since 6.2.0, WinRoute enables to combine the integrated McAfee antivirus with a supported

external antivirus. In such a case, transferred files are checked by both antiviruses (so called

dual antivirus control). This feature reduces the risk of letting in a harmful file.

However, using of two antiviruses at a time also decreases the speed of firewall’s performance.

It is therefore highly recommended to consider thoroughly which method of antivirus check

should be used and to which protocols it should be applied and, if possible and desired, to try

the configuration in the trial version of WinRoute before purchasing a license.

Note:

1.

However, supported external antiviruses as well as versions and license policy of individ-

ual programs may change as the time flows. For up-to-date information please refer to

(

http://www.kerio.com/kwf

).

2.

External McAfee Anti-Virus programs are not supported by WinRoute.

13.1 Conditions and limitations of antivirus scan

Antivirus check of objects transferred by a particular protocol can be applied only to traffic

where a corresponding protocol inspector which supports the antivirus is used (see chap-

ter

14.3

). This implies that the antivirus check is limited by the following factors:

Antivirus check cannot be used if the traffic is transferred by a secured channel

(SSL/TLS). In such a case, it is not possible to decipher traffic and separate transferred

objects.

Within email antivirus scanning (SMTP and POP3 protocols), the firewall only removes

infected attachments — it is not possible to drop entire email messages. In case of

SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the

Advertising
Popular Brands
Popular manuals