Gateway Antivirus And Intrusion Prevention Service; Understanding Gateway Antivirus Settings - Watchguard Firebox X20E User Manual

15
Gateway AntiVirus and Intrusion
Prevention Service
There are many methods to attack computers on the Internet. The two primary categories of attack are
viruses and intrusions. Viruses, including worms and trojans, are malicious computer programs that
self-replicate and put copies of themselves into other executable code or documents on your com-
puter. When a computer is infected, the virus can destroy files or record key strokes. An intrusion is
when someone launches a direct attack on your computer. Usually the attack exploits a vulnerability in
an application. These attacks are created to cause damage to your network, get sensitive information,
or use your computers to attack other networks.
To help protect your network from viruses and intrusions, you can purchase the optional Gateway Anti-
Virus/Intrusion Prevention Service (Gateway AV/IPS) for the Firebox® X Edge e-Series to identify and
prevent attacks. The Intrusion Prevention Service and the Gateway AntiVirus Service operate with the
SMTP, POP3, HTTP, and FTP proxies. When a new attack is identified, the features that make the virus or
intrusion attack unique are recorded. These recorded features are known as the signature. Gateway
AV/IPS uses these signatures to find viruses and intrusion attacks when they are scanned by the proxy.
You must purchase the Gateway AV/IPS upgrade to use these services. For more information, visit the
WatchGuard LiveSecurity® web site at
reseller.
WatchGuard cannot guarantee that Gateway AV/IPS can stop all viruses or intrusions, or prevent dam-
age to your systems or networks from a virus or intrusion attack.

Understanding Gateway AntiVirus Settings

The Gateway AntiVirus Service works together with the SMTP, POP3, HTTP, and FTP proxies. If you have
not enabled these proxies they are automatically enabled with a default configuration when you
enable Gateway AV for that protocol.
If you enable Gateway AntiVirus with the POP3 or SMTP proxy, it finds viruses encoded with
•
frequently used email attachment methods. If a virus is found, the attachment is removed.
Gateway AntiVirus scans all emails with base64, binary, 7-bit, and 8-bit encoding and all
uuencoded email. Gateway AntiVirus blocks email that uses binhex encoding.
If you enable Gateway AntiVirus with the HTTP proxy, it finds viruses in content that users try to
•
download with HTTP, such as web pages. If a virus is found, the user's connection is dropped. The
user sees the custom deny message you set with your HTTP proxy configuration.
User Guide
http://www.watchguard.com/store or contact your WatchGuard
191