Activation; The Signature Database; Subscribing To The D-Link Anti-Virus Service - D-Link NetDefend DFL-210 User Manual

6.4.3. Activation

There is no fixed limit on how many Anti-Virus scans can take place simultaneously in a single D-
Link Firewall. However the available free memory can place a limit on the number of concurrent
scans that can be initiated. The administrator can increase the default amount of free memory avail-
able to Anti-Virus scanning through changing the AVSE_MAXMEMORY advanced setting. This
setting specifies what percentage of total memory is to be used for Anti-Virus scanning.
Protocol Specific Behaviour
Since Anti-Virus scanning is implemented through an Application Level Gateway (ALG), specific
protocol specific features are implemented in NetDefendOS. With FTP, for example, scanning is
aware of the dual control and data transfer channels that are opened and can send a request via the
control connection to stop a download if a virus in the download is detected.
6.4.3. Activation
Association with an ALG
Activation of Anti-Virus scanning is achieved through an Application Layer Gateway (ALG) associ-
ated with the targeted protocol. For instance, an HTTP ALG with Anti-Virus enabled can be created
for scanning HTTP downloads. The ALG must then be associated with a given Service which in
turn is used by a particular rule defined in the IP Rule-set.
Creating Anti-Virus Policies
Since IP Rule-set rules are the means by which the Anti-Virus feature is deployed, the deployment
can be policy based. IP rules can specify that the ALG and its associated Anti-Virus scanning can
apply to traffic going in a given direction and between specific source and destination IP addresses
and/or networks. Scheduling can also be applied to virus scanning so that it takes place only at spe-
cific times.

6.4.4. The Signature Database

SafeStream
NetDefendOS Anti-Virus scanning is implemented by D-Link using the "SafeStream" virus signa-
ture database. The SafeStream database is created and maintained by Kaspersky, a company which
is a world leader in the field of virus detection. The database provides protection against virtually all
known virus threats including trojans, worms, backdoor exploits and others. The database is also
thoroughly tested to provide near zero false positives.
Database Updates
The SafeStream database is updated on a daily basis with new virus signatures. Older signatures are
seldom retired but instead are replaced with more generic signatures covering several viruses. The
local NetDefendOS copy of the SafeStream database should therefore be updated regularly and this
updating service is enabled as part of the subscription to the D-Link Anti-Virus subscription.

6.4.5. Subscribing to the D-Link Anti-Virus Service

The D-Link Anti-Virus feature is purchased as an additional component to the base D-Link license
and is bought in the form of a renewable subscription. An Anti-Virus subscription includes regular
updates of the Kaspersky SafeStream database during the subscription period with the signatures of
the latest virus threats.
To subscribe to the Anti-Virus service please refer to the details described in Appendix A, Subscrib-
ing to Security Updates.
136
Chapter 6. Security Mechanisms