D-Link NetDefendOS User Manual page 544

Network security firewall

The Signature Database
NetDefendOS anti-virus scanning is implemented using the SafeStream™ II virus signature
database. The SafeStream II database is created and maintained by Kaspersky, a company which
is a world leader in the field of virus detection. The database provides protection against virtually
all known virus threats including trojans, worms, backdoor exploits and others. The database is
also thoroughly tested to provide near zero false positives.
Database Updates
The SafeStream database is updated on a daily basis with new virus signatures. Older signatures
are seldom retired but instead are replaced with more generic signatures covering several
viruses. The local NetDefendOS copy of the SafeStream database should therefore be updated
regularly and this updating service is enabled as part of a D-Link subscription.
Database updating is described further in Appendix A, Subscribing to Updates along with a
description of anti-virus behavior after subscription expiry.
Auto-update Requires the Correct Time
It is important that NetDefendOS has the correct system time set if the auto-update feature in
the anti-virus module is to function correctly. An incorrect time can mean that auto-updating is
disabled.
The following CLI command will show the current status of the auto-update feature:
gw-world:/> updatecenter -status
This can also be done through the Web Interface.
Database Updates in HA Clusters
Updating the anti-virus databases for both the NetDefend Firewalls in an HA Cluster is performed
automatically by NetDefendOS. In a cluster there is always an active unit and an inactive unit.
Only the active unit in the cluster will perform regular checking for new database updates. If a
new database update becomes available the sequence of events will be as follows:
1. The active unit determines there is a new update and downloads the required files for the
   update.
2. The active unit performs an automatic reconfiguration to update its database.
3. This reconfiguration causes a failover so the passive unit becomes the active unit.
4. When the update is completed, the newly active unit also downloads the files for the update
   and performs a reconfiguration.
5. This second reconfiguration causes another failover so the passive unit reverts back to being
   active again.
These steps result in both NetDefend Firewalls in a cluster having updated databases and with
the original active/passive roles. For more information about HA clusters refer to Chapter 11, High
Availability.
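The update sequence above means two failovers per database update are normal, which matters when HA role changes are monitored. The following is an added example, not D-Link code: it labels each failover in a timeline as update-induced or unexplained. The event record layout, the unit names fw1 and fw2, and the 120-second window are assumptions; events would have to be mapped from the firewall's own logs.

```python
from dataclasses import dataclass

WINDOW = 120  # assumed: max seconds between a reconfigure and its failover

@dataclass(frozen=True)
class Event:
    ts: int    # seconds on a common clock
    kind: str  # "update_reconfigure" or "failover"
    unit: str  # unit that reconfigured, or unit that became active

def classify_failovers(events, initial_active):
    """Label each failover and return (findings, unit active at the end)."""
    active = initial_active
    last_reconf = {}  # unit -> time of its latest update reconfiguration
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "update_reconfigure":
            last_reconf[ev.unit] = ev.ts
        elif ev.kind == "failover":
            # Expected only when the unit giving up the active role
            # reconfigured for a database update shortly beforehand.
            t = last_reconf.pop(active, None)
            ok = t is not None and ev.ts - t <= WINDOW
            findings.append((ev.ts, "update-induced" if ok else "unexplained"))
            active = ev.unit
    return findings, active

# Constructed sample: one full update cycle, then an unrelated failover.
SAMPLE = [
    Event(1000, "update_reconfigure", "fw1"),
    Event(1005, "failover", "fw2"),
    Event(1060, "update_reconfigure", "fw2"),
    Event(1066, "failover", "fw1"),
    Event(5000, "failover", "fw2"),
]

if __name__ == "__main__":
    for ts, verdict in classify_failovers(SAMPLE, "fw1")[0]:
        print(ts, verdict)
```

A complete update cycle should end with the original active unit active again; a cycle that stops after one failover leaves the roles swapped and the second unit possibly not updated.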
Anti-Virus with ZoneDefense
Anti-virus triggered ZoneDefense is a feature for isolating virus infected hosts and servers on a
Chapter 6: Security Mechanisms
