Http and ftp scanning – Kerio Tech Firewall6 User Manual


network send their email via an SMTP server located in the Internet. Checking of outgoing SMTP traffic is not suitable for local SMTP servers sending email to the Internet.

An example of a traffic rule for checking outgoing SMTP traffic is shown in figure 13.6.

Figure 13.6 An example of a traffic rule for outgoing SMTP traffic check

2. Non-standard extensions of the SMTP protocol can be used when two Microsoft Exchange mailservers communicate. Under certain conditions, email messages are transmitted in the form of binary data. In such a case, WinRoute cannot perform an antivirus check of individual attachments.

In such cases, it is recommended to use an antivirus which supports Microsoft Exchange and not to perform an antivirus check of that server's SMTP traffic in WinRoute. To achieve this, disable the antivirus check for the SMTP protocol or define a corresponding traffic rule where no protocol inspector is applied (see chapter 7.7).

13.3 HTTP and FTP scanning

For HTTP and FTP traffic, objects (files) of selected types are scanned.

The file being transmitted is saved to a temporary file on the local disk of the firewall. WinRoute caches the last part of the transmitted file (a segment of the data transferred) and performs an antivirus scan of the temporary file. If a virus is detected in the file, the last segment of the data is dropped. This means that the client receives an incomplete (damaged) file which cannot be executed, so the virus cannot be activated. If no virus is found, WinRoute sends the client the rest of the file and the transmission completes successfully.

Optionally, a warning message about the detected virus can be sent to the user who tried to download the file (see the Notify user by email option).
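The hold-back mechanism described above, sketched as an added Python example (not Kerio's code). The names `scan_file` and `relay_with_scan`, the 32-byte segment size and the marker string are hypothetical, and the sample data is constructed.

```python
import os
import tempfile

# Constructed marker standing in for a virus signature (not a real one).
FAKE_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
CLEAN = b"A" * 100                                      # constructed sample
INFECTED = b"A" * 40 + FAKE_SIGNATURE + b"B" * 40      # constructed sample


def split(data, size):
    """Cut a byte string into transfer segments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_file(path):
    """Hypothetical antivirus engine: True if the file contains the marker."""
    with open(path, "rb") as fh:
        return FAKE_SIGNATURE in fh.read()


def relay_with_scan(segments, scan=scan_file):
    """Forward segments to the client, holding back the last one until the
    temporary copy has been scanned. Returns (bytes_delivered, infected)."""
    delivered = bytearray()
    held = None                      # newest segment, not yet sent
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        for seg in segments:
            tmp.write(seg)           # complete copy for the scanner
            if held is not None:
                delivered += held    # earlier segments are sent right away
            held = seg
        tmp.close()                  # flush before scanning
        infected = scan(tmp.name)
    finally:
        tmp.close()
        os.unlink(tmp.name)
    if not infected and held is not None:
        delivered += held            # clean: release the final segment
    return bytes(delivered), infected


if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("infected", INFECTED)):
        out, bad = relay_with_scan(split(data, 32))
        print(name, "infected:", bad, "delivered", len(out), "of", len(data))
```

In the sample the marker straddles a segment boundary, so only the scan of the whole temporary file finds it. The client has already received the first 96 bytes when the final segment is withheld, which is the incomplete file the text refers to.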

Warning

1. The purpose of the antivirus check is only to detect infected files; it is not possible to heal them!

2. If the antivirus check is disabled in HTTP and FTP filtering rules, objects and files matching the corresponding rules are not checked. For details, refer to chapters 12.2 and 12.6.

3. Full functionality of HTTP scanning is not guaranteed if any non-standard extensions to web browsers (e.g. download managers, accelerators, etc.) are used!
