SonicOS 7.0 Objects
Anti-Virus
SonicWall Gateway Anti-Virus (GAV) service delivers real-time virus protection directly on the SonicWall network security appliance by using SonicWall's IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses the SonicWall gateway. Building on SonicWall's reassembly-free architecture, SonicWall GAV inspects multiple application protocols, as well as generic TCP streams, and compressed traffic. Because SonicWall GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis.
SonicWall GAV delivers threat protection by matching downloaded or emailed files against an extensive and dynamically updated database of threat virus signatures. Virus attacks are caught and suppressed before they travel to desktops. New signatures are created and added to the database by a combination of SonicWall's SonicAlert Team, third-party virus analysts, open source developers, and other sources.
SonicWall GAV can be configured to protect against internal threats as well as those originating outside the network. It operates over a multitude of protocols including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications, and dozens of other stream-based protocols, to provide you with comprehensive network threat prevention and control. Because files containing malicious code and viruses can also be compressed and therefore inaccessible to conventional anti-virus solutions, SonicWall GAV integrates advanced decompression technology that automatically decompresses and scans files on a per-packet basis.
SonicWall GAV parses supported email protocols for the header fields To, CC, and BCC. The information in these fields is displayed and logged in Capture ATP for both sender and receiver.
To configure an Anti-Virus Security Action Profile:
- Navigate to OBJECT | Action Profiles > Security Action Profile.
- Do one of the following:
  - Add a new Security Action Profile:
    - Click the Add icon.
    - Enter an Action Profile Name.
  - Edit an existing Security Action Profile: hover over an existing Security Action Profile and click the Edit icon.
- Click the Anti-Virus tab.
- Set the ANTI-VIRUS PROFILE options:
  - Enable Gateway Anti-Virus: To enable SonicWall Gateway Anti-Virus. You must specify the zones on which you want SonicWall Gateway Anti-Virus protection on the NETWORK | System > Interfaces page.
  - Enable Cloud Gateway Anti-Virus Database: To enable SonicWall Anti-Virus protection if your Anti-Virus software exists in the Cloud.
  - Inbound Inspection: To inspect all inbound HTTP, FTP, IMAP, SMTP, and POP3 traffic.
    By default, SonicWall Gateway Anti-Virus inspects all inbound HTTP, FTP, IMAP, SMTP, and POP3 traffic. Within the context of SonicWall Gateway Anti-Virus, enabling Inbound Inspection protocol traffic handling refers to:
    - Non-SMTP traffic initiating from a Trusted, Wireless, or Encrypted zone destined to any zone.
    - Non-SMTP traffic from a Public zone destined to an Untrusted zone.
    - SMTP traffic initiating from a non-Trusted zone destined to a Trusted, Wireless, Encrypted, or Public zone.
    - SMTP traffic initiating from a Trusted, Wireless, or Encrypted zone destined to a Trusted, Wireless, or Encrypted zone.
  - Outbound Inspection: To inspect all outbound HTTP, FTP, SMTP, and TCP traffic.
  - Prevent: To restrict the transfer of files with specific attributes. Enabling Prevent restricts data file transfers for each protocol, except the TCP Stream.
  - Log: To keep a record of your SonicWall Gateway Anti-Virus traffic.
- Set the APPLICATION PROTOCOL SETTINGS options:
  - Restrict Transfer of password-protected Zip files: To restrict the transfer of password-protected ZIP files over any enabled protocol. This option only functions on protocols (for example, HTTP, FTP, SMTP) that are enabled for inspection.
  - Restrict Transfer of MS-Office type files containing macros (VBA 5 and above): To restrict the transfer of any MS-Office 97 and above files that contain VBA macros.
  - Restrict Transfer of packed executable files (UPX, FSG, etc.): To restrict the transfer of packed executable files.
    Packers are utilities that compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file.
    SonicWall Gateway Anti-Virus currently recognizes the most common packed formats: UPX, FSG, PKLite32, Petite, and ASPack. Additional formats are dynamically added along with SonicWall Gateway Anti-Virus signature updates.
  - Disable SMTP Responses: To suppress the sending of e-mail messages (SMTP) to clients from SonicWall Gateway Anti-Virus when a virus is detected in an e-mail or attachment.
  - Disable detection of EICAR Test Virus: To suppress the detection of the EICAR test virus.
    The EICAR Standard Anti-Virus Test file is a special virus simulator file that checks and confirms the correct operation of the SonicWall Gateway Anti-Virus service.
  - Enable HTTP Byte-Range requests with Gateway AV: To allow byte serving, the process of sending only a portion of an HTTP message or file.
    The SonicWall Gateway Anti-Virus security service, by default, suppresses the use of HTTP Byte-Range requests to prevent the sectional retrieval and reassembly of potentially malicious content. This is done by terminating the connection and thus preventing the user from receiving the malicious payload. By enabling this setting you can override the default behavior.
    This option is selected by default.
  - Enable FTP 'REST' requests with Gateway AV: To allow the use of the FTP REST request to retrieve and reassemble sectional messages and files.
    The Gateway Anti-Virus service, by default, suppresses the use of the FTP REST (restart) request to prevent the sectional retrieval and reassembly of potentially malicious content. This is done by terminating the connection and thus preventing the user from receiving the malicious payload. By enabling this setting you override this default behavior.
  - Do not scan parts of files with high compression rates: To suppress the scanning of files, or parts of files, that have high compression rates.
- Click Save.
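A file pre-screen for the attributes that the three Restrict Transfer options above target, useful for auditing a file share before turning the options on. This is an added example, not SonicWall code and not how the GAV engine detects these files. The function names, the section-name heuristic for UPX and ASPack, and the `vbaProject.bin` check (OOXML containers only, not legacy OLE2 Office 97 files) are assumptions, and the sample files are constructed.

```python
import io, struct, zipfile

# Section names commonly left by two of the packers the page lists (heuristic, assumption).
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}

def zip_findings(data):
    """Flag encrypted entries and OOXML VBA storage inside a ZIP container."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                found.add("password-protected-zip")
            if info.filename.lower().endswith("vbaproject.bin"):
                found.add("office-vba-macro")
    return found

def pe_packer(data):
    """Return a packer name inferred from PE section names, else None."""
    try:
        (pe,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return None
        _, nsec, _, _, _, opt, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    except struct.error:  # truncated header
        return None
    start = pe + 24 + opt  # section table follows the optional header
    names = {data[o:o + 8].rstrip(b"\0") for o in range(start, start + 40 * nsec, 40)}
    return next((v for k, v in PACKER_SECTIONS.items() if k in names), None)

def triage(data):  # attributes matching one of the three Restrict options
    if data[:4] == b"PK\x03\x04":
        return zip_findings(data)
    packer = pe_packer(data)
    return {"packed-executable:" + packer} if packer else set()

def sample_zip(name, encrypted=False):  # constructed sample input
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set bit 0 in the local and central directory headers
        raw[6] |= 1
        raw[raw.find(b"PK\x01\x02") + 8] |= 1
    return bytes(raw)

def sample_pe(names):  # constructed sample: DOS header, COFF header, section table
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.ljust(8, b"\0") + bytes(32) for n in names)
```

Calling `triage()` on the bytes of each file in a share lists which ones a profile with these options enabled would stop, before users find out from a failed transfer.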