About Gateway AntiVirus

Hackers use many methods to attack computers on the Internet. Viruses, including worms and Trojans, are malicious computer programs that self-replicate and put copies of themselves into other executable code or documents on your computer. When a computer is infected, the virus can destroy files or record key strokes.

To help protect your network from viruses, you can purchase the Gateway AntiVirus subscription service. Gateway AntiVirus operates with the SMTP, POP3, HTTP, FTP, and TCP-UDP proxies. When a new attack is identified, the features that make the virus unique are recorded. These recorded features are known as the signature. Gateway AV uses these signatures to find viruses when content is scanned by the proxy.

When you enable Gateway AV for a proxy, Gateway AV scans the content types configured for that proxy. Gateway AV/IPS can scan these compressed file types: .zip, .gzip, .tar, .jar, .rar, .chm, .lha, .pdf, XML/HTML container, OLE container (Microsoft Office documents), MIME (mainly email messages in EML format), .cab, .arj, .ace, .bz2 (Bzip), .swf (flash; limited support).

WatchGuard cannot guarantee that Gateway AV can stop all viruses, or prevent damage to your systems or networks from a virus.

You can see statistics on current Gateway AntiVirus activity on the Dashboard > Subscription Services page as described in Subscription Services Status and Manual Signatures Updates.

Install and Upgrade Gateway AV

To install Gateway AntiVirus, you must Get a Feature Key from LiveSecurity and Add a Feature Key to Your XTM Device.

New viruses appear on the Internet frequently. To make sure that Gateway AV gives you the best protection, you must update the signatures frequently. You can configure the XTM device to update the signatures automatically from WatchGuard, as described in Configure the Gateway AV Update Server. You can also Subscription Services Status and Manual Signatures Updates.

About Gateway AntiVirus and Proxy Policies

Gateway AV can work with the WatchGuard SMTP, POP3, HTTP, FTP, and TCP-UDP proxies. When you enable Gateway AV, these proxies examine various types of traffic and perform an action that you specify, such as to drop the connection or to block the packet and add its source address to the Blocked Sites list.

Gateway AV scans different types of traffic according to which proxy policies you use the feature with:

Each proxy that uses Gateway AV is configured with options that are special to that proxy. For example, the categories of items you can scan is different for each proxy.

For all proxies, you can limit file scanning up to a specified kilobyte count. The default scan limit and maximum scan limits are different for each XTM device model. The XTM device scans the start of each file up to the specified kilobyte count. This allows large files to pass with partial scanning.

For more information about the default and maximum scan limits for each XTM device model, see About Gateway AntiVirus Scan Limits.

To make sure Gateway AV has current signatures, you can enable automatic updates for the Gateway AV server, as described in Configure the Gateway AV Update Server.

See Also

Configure Gateway AntiVirus Actions

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base