Hackers use many methods to attack computers on the Internet. Viruses, including worms and Trojans, are malicious computer programs that self-replicate and put copies of themselves into other executable code or documents on your computer. When a computer is infected, the virus can destroy files or record key strokes.
To help protect your network from viruses, you can purchase the Gateway AntiVirus subscription service. Gateway AntiVirus operates with the SMTP, POP3, HTTP, FTP, and TCP-UDP proxies. When a new attack is identified, the features that make the virus unique are recorded. These recorded features are known as the signature. Gateway AV uses these signatures to find viruses when content is scanned by the proxy.
When you enable Gateway AV for a proxy, Gateway AV scans the content types configured for that proxy. Gateway AV can scan these compressed file types: .zip, .gzip, .tar, .jar, .rar, .chm, .lha, .pdf, XML/HTML container, OLE container (Microsoft Office documents), MIME (mainly email messages in EML format), .cab, .arj, .ace, .bz2 (Bzip), .swf (flash; limited support).
WatchGuard cannot guarantee that Gateway AV can stop all viruses, or prevent damage to your systems or networks from a virus.
You can see statistics on current Gateway AntiVirus activity on the Dashboard > Subscription Services page as described in Subscription Services Status and Manual Signatures Updates.
To activate Gateway AntiVirus, you must Get a Feature Key for Your Device and Manually Add or Remove a Feature Key.
New viruses appear on the Internet frequently. To make sure that Gateway AV gives you the best protection, you must update the signatures frequently. You can configure the XTM device to update the signatures automatically from WatchGuard, as described in Configure the Gateway AV Update Server. To see your signature update status or force a manual update, see Subscription Services Status and Manual Signatures Updates.
Gateway AV can work with the WatchGuard SMTP, POP3, HTTP, FTP, and TCP-UDP proxies. When you enable Gateway AV, these proxies examine various types of traffic and perform an action that you specify, such as to drop the connection or to block the packet and add its source address to the Blocked Sites list.
Gateway AV scans different types of traffic according to which proxy policies you use the feature with:
Each proxy that uses Gateway AV is configured with options that are special to that proxy. For example, the categories of items you can scan is different for each proxy.
For all proxies, you can limit file scanning up to a specified kilobyte count. The default scan limit and maximum scan limits are different for each XTM device model. The XTM device scans the start of each file up to the specified kilobyte count. This allows large files to pass with partial scanning.
For more information about the default and maximum scan limits for each XTM device model, see About Gateway AntiVirus Scan Limits.
To make sure Gateway AV has current signatures, you can enable automatic updates for the Gateway AV server, as described in Configure the Gateway AV Update Server.
Configure Gateway AntiVirus Actions