Manualshelf

User guide

ManualsBrandsCheck Point Software Technologies ManualsNetworkingSafe@Office 1000NW
521522523524525526527528529530
Using VStream Antivirus
Chapter 15: Using Antivirus and Antispam Filtering 507
Using VStream Antivirus
The Safe@Office appliance includes VStream Antivirus, an embedded stream-based
antivirus engine based on Check Point Stateful Inspection and Application Intelligence
technologies, that performs virus scanning at the kernel level.
VStream Antivirus scans files for malicious content on the fly, without downloading the
files into intermediate storage. This means minimal added latency and support for
unlimited file sizes; and since VStream Antivirus stores only minimal state information per
connection, it can scan thousands of connections concurrently. In order to scan archive
files on the fly, VStream Antivirus performs real-time decompression and scanning of ZIP,
TAR, and GZ archive files, with support for nested archive files.
If you are subscribed to the VStream Antivirus subscription service, VStream Antivirus
virus signatures are automatically updated, so that security is always up-to-date, and your
network is always protected.
VStream Antivirus Actions
When VStream Antivirus detects malicious content, the action it takes depends on the
protocol in which the virus was found. See the following table. In each case, VStream
Antivirus blocks the file and writes a log to the Event Log.
Table 113: VStream Antivirus Actions
If a virus if found in
this protocol...
VStream Antivirus does this...
The protocol is detected
on this port...
HTTP
Terminates the
connection
All ports on which VStream
Antivirus is enabled by the
policy, not only port 80
POP3
Terminates the
connection
Deletes the virus-infected
email from the server
The standard TCP port 110.