Activating Anti-Virus Scanning - D-Link NetDefend DFL-210 User Manual

6.4.6. Anti-Virus Options
Enabling of this function is recommended to make sure this form of attack cannot allow a virus to
get through. The possible MIME types that can be checked are listed in Appendix C, Checked
MIME filetypes.
Setting the Correct System Time
It is important that a NetDefendOS has the correct system time set if the auto-update feature in the
Anti-Virus module can function correctly. An incorrect time can mean the auto-updating is disabled.
The console command
> updatecenter -status
will show the current status of the auto-update feature. This can also be done through the WebUI.
Updating in High Availability Clusters
Updating the Anti-Virus databases for both the D-Link Firewalls in an HA Cluster is performed
automatically by NetDefendOS. In a cluster there is always an active unit and an inactive unit. Only
the active unit in the cluster will perform regular checking for new database updates. If a new
database update becomes available the sequence of events will be as follows:
1. The active unit determines there is a new update and downloads the required files for the
update.
2. The active unit performs an automatic reconfiguration to update its database.
3. This reconfiguration causes a failover so the passive unit becomes the active unit.
4. When the update is completed, the newly active unit also downloads the files for the update
and performs a reconfiguration.
5. This second reconfiguration causes another failover so the passive unit reverts back to being
active again.
These steps result in both D-Link Firewalls in a cluster having updated databases and with the
original active/passive roles. For more information about HA clusters refer to Chapter 11, High
Availability.
Example 6.18. Activating Anti-Virus Scanning
This example shows how to setup an Anti-Virus scanning policy for HTTP traffic from lannet to all-nets We will
assume there is already a NAT rule defined in the IP rule set to handle this traffic.
CLI
First, create an HTTP Application Layer Gateway (ALG) Object with Anti-Virus scanning enabled:
gw-world:/> set ALG ALG_HTTP anti_virus Antivirus=Protect
Then, create a Service object using the new HTTP ALG:
gw-world:/> add ServiceTCPUDP http_anti_virus Type=TCP DestinationPorts=80
Finally, modify the NAT rule to use the new service:
gw-world:/> set IPRule NATHttp Service=http_anti_virus
Web Interface
A. First, create an HTTP Application Layer Gateway (ALG) Object:
ALG=anti_virus
186
Chapter 6. Security Mechanisms