Anti-Virus Options - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

6.4.6. Anti-Virus Options
When configuring Anti-Virus scanning in an ALG, the following parameters can be set:
1. General options
Mode: When Enabled, Anti-Virus is active.
Verify MIME type: The MIME type identifies a file's type. For instance, a file might be identified as being of type .gif and therefore should contain image data of that type. Some viruses try to hide inside files by using a misleading file type. A file might pretend to be a .gif file, but the file's data will not match that type's data pattern because it is infected with a virus. NetDefendOS can check that the file's contents match the MIME type it claims to be. Enabling this function is recommended to make sure this form of attack cannot allow a virus to get through. The possible MIME types that can be checked are listed in Appendix C, Anti-Virus MIME filetypes.
Max download size: The size of any single component in a single transfer can be limited.
Fail mode behaviour: If a virus scan fails for any reason then the transfer can be dropped or allowed, with the event being logged.
2. File type blocking/allowing
Action: When a particular download file type is encountered, the administrator can explicitly state if the file is to be allowed or blocked as a download.
File types: The file type to be blocked or allowed, e.g. GIF, can be added into the list
Note that if a filetype is on the allowed list, MIME matching will still take place even if MIME matching is switched off (provided the filetype is part of the list in Appendix C, Anti-Virus MIME filetypes). This is done to guard against an attack that tries to exploit the fact that the filetype is on the allowed list.
3. Scan exclude option
Certain filetypes may be explicitly excluded from virus scanning if that is desirable. This can increase overall throughput if an excluded filetype is a type which is commonly encountered in a particular scenario.
4. Compression Ratio Limit
When scanning compressed files, NetDefendOS must apply decompression to examine the file's contents. Some types of data can result in very high compression ratios, where the compressed file is a small fraction of the original uncompressed file size. This can mean that a comparatively small compressed file attachment might need to be uncompressed into a much larger file, which can place an excessive load on NetDefendOS resources and noticeably slow down throughput.
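The idea behind the Compression Ratio Limit option, illustrated in Python as an added example: this is not code from the D-Link manual and does not reproduce NetDefendOS internals. The function names, the limit of 20 and the sample data are assumptions made for the illustration.

```python
import zlib

class RatioLimitExceeded(Exception):
    """Decompressed output outgrew the allowed multiple of the input size."""
    def __init__(self, produced: int, budget: int):
        super().__init__(f"produced {produced} bytes, budget {budget}")
        self.produced = produced
        self.budget = budget

def inflate_with_ratio_limit(compressed: bytes, max_ratio: int,
                             chunk_size: int = 4096) -> bytes:
    """Inflate a zlib stream, stopping once output exceeds max_ratio * input.

    The check runs during decompression, so at most budget + chunk_size
    bytes are ever held, however large the stream would finally expand.
    """
    budget = len(compressed) * max_ratio
    inflater = zlib.decompressobj()
    out = bytearray()
    data = compressed
    while True:
        # max_length caps the output of this call; unread input is kept
        # in unconsumed_tail for the next iteration.
        piece = inflater.decompress(data, chunk_size)
        out += piece
        if len(out) > budget:
            raise RatioLimitExceeded(len(out), budget)
        data = inflater.unconsumed_tail
        if inflater.eof or (not data and not piece):
            break
    if not inflater.eof:
        raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)

# Constructed samples: ordinary text and a highly compressible run of zeros.
ORDINARY = zlib.compress(b"quarterly report, section 6.4.6\n" * 8)
HIGH_RATIO = zlib.compress(b"\x00" * 1_000_000)

def scan_decision(compressed: bytes, max_ratio: int = 20) -> str:
    """Return 'scan' if the content inflated within the limit, else 'limit'."""
    try:
        inflate_with_ratio_limit(compressed, max_ratio)
    except RatioLimitExceeded:
        return "limit"
    return "scan"

if __name__ == "__main__":
    print(len(HIGH_RATIO), "compressed bytes ->", scan_decision(HIGH_RATIO))
    print(len(ORDINARY), "compressed bytes ->", scan_decision(ORDINARY))
```

Because the budget is enforced chunk by chunk, the high-ratio sample is rejected after a few kilobytes of output instead of after the full megabyte has been inflated.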
Chapter 6. Security Mechanisms
