Types Of Anti-Virus Scanner; Introduction To The Zywall Anti-Virus Scanner; How The Zywall Anti-Virus Scanner Works - ZyXEL Communications ZYWALL 35 User Manual

Chapter 14 Anti-Virus
3 The infected files are unintentionally sent to another computer thus starting the spread of
the virus.
4 Once the virus is spread through the network, the number of infected networked
computers can grow exponentially.

14.1.3 Types of Anti-Virus Scanner

The section describes two types of anti-virus scanner: host-based and network-based.
A host-based anti-virus (HAV) scanner is often software installed on computers and/or servers
in the network. It inspects files for virus patterns as they are moved in and out of the hard
drive. However, host-based anti-virus scanners cannot eliminate all viruses for a number of
reasons:
• HAV scanners are slow in stopping virus threats through real-time traffic (such as from
the Internet).
• HAV scanners may reduce computing performance as they also share the resources (such
as CPU time) on the computer for file inspection.
• You have to update the virus signatures and/or perform virus scans on all computers in the
network regularly.
A network-based anti-virus (NAV) scanner is often deployed as a dedicated security device
(such as your ZyWALL) on the network edge. NAV scanners inspect real-time data traffic
(such as E-mail messages or web) that tends to bypass HAV scanners. The following lists
some of the benefits of NAV scanners.
• NAV scanners stops virus threats at the network edge before they enter or exit a network.
• NAV scanners reduce computing loading on computers as the read-time data traffic
inspection is done on a dedicated security device.

14.2 Introduction to the ZyWALL Anti-Virus Scanner

The ZyWALL has a built-in signature database. Setting up the ZyWALL between your local
network and the Internet allows the ZyWALL to scan files transmitting through the enabled
interfaces into your network. As a network-based anti-virus scanner, the ZyWALL helps stop
threats at the network edge before they reach the local host computers.
You can set the ZyWALL to examine files received through the following protocols:
• FTP (File Transfer Protocol)
• HTTP (Hyper Text Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• POP3 (Post Office Protocol version 3)

14.2.1 How the ZyWALL Anti-Virus Scanner Works

The ZyWALL checks traffic going in the direction(s) you specify for signature matches.
In the following figure the ZyWALL is set to check traffic coming from either WAN interface
to the LAN.
296
ZyWALL 5/35/70 Series User's Guide