Antivirus control, Conditions and limitations of antivirus scan, Chapter 13 – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


Chapter 13

Antivirus control

WinRoute provides antivirus checks of objects (files) transmitted by the HTTP, FTP, SMTP and POP3 protocols. For the HTTP and FTP protocols, the WinRoute administrator can specify which types of objects will be scanned.

WinRoute is also distributed in a special version which includes an integrated McAfee antivirus. Besides the integrated module, WinRoute also supports many external third-party antiviruses. Antivirus licenses must meet the license policy of the corresponding company (usually, the license is limited by the same or higher number of users as WinRoute is licensed for, or a server license).

WinRoute allows both the integrated McAfee antivirus and a selected external antivirus to be used together. In such a case, transferred files are checked by both antiviruses (so-called dual antivirus control). This feature reduces the risk of letting in a harmful file.

However, using two antiviruses at a time also decreases the speed of the firewall. It is therefore highly recommended to consider thoroughly which method of antivirus check should be used and to which protocols it should be applied and, if possible and desired, to try the configuration in the trial version of WinRoute before purchasing a license.

Note:

1. Supported external antiviruses, as well as versions and license policies of individual programs, may change over time. For up-to-date information please refer to (http://www.kerio.com/firewall).

2. External McAfee Anti-Virus programs are not supported by WinRoute.

13.1 Conditions and limitations of antivirus scan

Antivirus check of objects transferred by a particular protocol can be applied only to traffic where a corresponding protocol inspector which supports the antivirus is used (see chapter 14.3). This implies that the antivirus check is limited by the following factors:

Antivirus check cannot be used if the traffic is transferred by a secured channel (SSL/TLS). In such a case, it is not possible to decipher the traffic and separate the transferred objects.

Within email antivirus scanning (SMTP and POP3 protocols), the firewall only removes infected attachments; it is not possible to drop entire email messages. In the case of the SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network, that is, incoming email at the local SMTP server). Checking outgoing traffic causes problems with temporarily undeliverable email.
