Manualshelf

User`s manual

ManualsBrandsD-Link ManualsComputer equipmentD DFL-500 DFL-500
71727374757677787980
Worm protection for your internal network
Worm protection for incoming connections
Worm protection for your internal network
When configured for worm protection, the virus scanning engine checks HTTP requests by scanning their
originating web page for known worm patterns. For example, Code Red attempts to gain entry to MS IIS
servers by trying to exploit a known buffer overflow bug in these servers.
To scan SMTP, POP3, and IMAP email attachments for worms, the virus scanning engine looks for filenames
known to be used by worms. For example, the Nimda worm uses files named readme.exe and sample.exe.
If the virus scanning engine detects a worm, the file is deleted and replaced with an alert message.
To protect your internal network from worms, you must configure outgoing worm protection. Even though worms
are introduced to your internal network by being downloaded through your firewall, an outgoing connection from
your internal network to the web page or email server must first be started. It is this outgoing connection that triggers
worm protection.
To protect your internal network from worms:
Go to Anti-Virus > Config > Worm Protection.
Click Enable Worm Protection for Incoming Traffic to protect your internal network from worms.
Click Apply.
Worm protection for incoming connections
When configured for worm scanning, the virus scanning engine checks HTTP requests for worms by scanning
their originating web page for known worm patterns. For example, Code Red attempts to gain entry to MS IIS
servers by trying to exploit a known buffer overflow bug in these servers.
To scan SMTP, POP3, and IMAP email attachments for worms, the virus scanning engine looks for filenames
known to be used by worms. For example, the Nimda worm uses files named readme.exe and sample.exe.
If the virus scanning engine detects a worm, the file is deleted and replaced with an alert message.
Even though worms are distributed from your internal network by being uploaded through your firewall, an incoming
connection to a server on your internal network must first be started. It is this incoming connection that triggers DFL-
500 incoming virus protection.
To prevent the distribution of worms from servers on your internal network to the Internet:
Go to Anti-Virus > Config > Worm Protection.
Click Enable Worm Protection for Outgoing Traffic to scan content from web servers on your internal
network for worms before that content passes through the firewall.
Click Apply.
Updating your antivirus database
The antivirus database contains the information the virus scanning engine uses to scan files for viruses and
worms. This database is continuously updated by D-Link as new viruses and worms are encountered and
defined.
You should keep your antivirus database up to date so that the DFL-500 can protect your network from new
viruses. You can update your antivirus database manually, or you can configure the DFL-500 to update the
antivirus database automatically.
DFL-500 User’s Manual
76