What You Need To Know - ZyXEL Communications ZyWall ATP series User Manual

28.1.2 What You Need to Know

Anti-Malware Signatures
The Zyxel Device downloads two signature sets after it is registered and the anti-malware service is
activated at myZyxel. In addition to the anti-malware signature, the Zyxel Device also uses the Cloud
Threat Database signature, which comes from the sandboxing inspection results and helps the Zyxel
Device block possible malicious or suspicious files.
After the anti-malware license expires, you need to purchase an iCard for the signature you want to use
and extend it in the Registration > Service screen.

Virus and Worm
A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate
programs. A worm is a self-replicating virus that resides in active memory and duplicates itself. The effect
of a virus attack varies from doing so little damage that you are unaware your computer is infected, to
wiping out the entire contents of a hard drive, to rendering your computer inoperable.

Zyxel Device Anti-Malware Scanner
The Zyxel Device has a built-in signature database. As a network-based anti-malware scanner, the Zyxel
Device helps stop threats at the network edge before they reach the local host computers.
You can set the Zyxel Device to examine files received through the following protocols:
• FTP (File Transfer Protocol)
• HTTP (Hypertext Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• POP3 (Post Office Protocol version 3)

How the Zyxel Device Anti-Malware Scanner Works
The following describes the malware scanning process on the Zyxel Device.
1. The Zyxel Device first identifies SMTP, POP3, HTTP and FTP packets through standard ports.
2. If the packets are not session connection setup packets (such as SYN, ACK and FIN), the Zyxel Device
records the sequence of the packets.
3. The scanning engine checks the contents of the packets for malware.
4. If a malware pattern is matched, the Zyxel Device removes the infected portion of the file along with the
rest of the file. The uninfected portion of the file before a malware pattern was matched still goes
through.
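
The four steps can be modelled in a few lines to show why a file that triggers a match arrives truncated rather than blocked outright. This is an added example, not Zyxel code: the port numbers are the well-known defaults for the four listed protocols, and the substring match, the hold-back buffer, the signature, the sample file and the function names are all assumptions made for illustration.

```python
# Added illustration, not Zyxel code. Matching is a plain substring search (assumption).
STANDARD_PORTS = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3"}  # well-known ports
SIGNATURE = b"TEST-PATTERN-0001"  # constructed, harmless stand-in for a malware pattern
SAMPLE_FILE = b"%DOC-1.0 clean-part " + SIGNATURE + b" rest-of-file"  # constructed


def scan_stream(dst_port, segments, signature=SIGNATURE):
    """Return (protocol, forwarded_bytes, matched) for one flow.

    segments: (seq, flags, payload) tuples in arrival order.
    """
    protocol = STANDARD_PORTS.get(dst_port)  # step 1: identify by standard port
    # Step 2: ignore payload-free setup packets (SYN/ACK/FIN), order the rest by sequence.
    data = sorted((s for s in segments if s[2]), key=lambda s: s[0])
    if protocol is None:
        # Not identified in step 1, so this model performs no content inspection.
        return None, b"".join(p for _, _, p in data), False
    forwarded, held = bytearray(), b""
    keep = len(signature) - 1  # bytes held back so a pattern split across packets matches
    for _, _, payload in data:
        window = held + payload  # step 3: check packet contents
        hit = window.find(signature)
        if hit != -1:
            # Step 4: bytes before the match were clean and go through; the
            # matched portion and everything after it are dropped.
            forwarded += window[:hit]
            return protocol, bytes(forwarded), True
        cut = max(len(window) - keep, 0)
        forwarded += window[:cut]
        held = window[cut:]
    forwarded += held  # end of stream with no match: release the held tail
    return protocol, bytes(forwarded), False


def demo_segments(data, size=12):
    """Build constructed segments: SYN, data chunks (two swapped), FIN."""
    segs = [(0, "SYN", b"")]
    segs += [(1 + i, "PSH", data[i:i + size]) for i in range(0, len(data), size)]
    segs[1], segs[2] = segs[2], segs[1]  # simulate out-of-order arrival
    return segs + [(1 + len(data), "FIN", b"")]


if __name__ == "__main__":
    proto, out, matched = scan_stream(80, demo_segments(SAMPLE_FILE))
    print(proto, "matched:", matched, "-", len(SAMPLE_FILE), "bytes sent,", len(out), "delivered")
    print(out)
```

In the sample run the receiver gets only the 20 bytes that preceded the pattern, so the delivered file is incomplete and may not open.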
Note: Since the Zyxel Device erases the infected portion of the file before sending it, you may not be
able to open the file.

ZyWALL ATP Series User's Guide, Chapter 28 Anti-Malware, page 525

This manual is also suitable for: ATP500, ATP200, ATP800

Table of Contents