ZyXEL Communications 200 Series User Manual
Chapter 28 Anti-Virus
ZyWALL USG 100/200 Series User’s Guide
470
28.1.2 What You Need to Know About Anti-Virus
Anti-Virus Engines
Subscribe to signature files for ZyXEL’s anti-virus engine or one powered by Kaspersky.
When using the trial, you can switch from one engine to the other in the Registration screen.
After the trial expires, you need to purchase an iCard for the anti-virus engine you want to use
and register it in the Registration > Service screen. You must use the ZyXEL anti-virus iCard
for the ZyXEL anti-virus engine and the Kaspersky anti-virus iCard for the Kaspersky anti-
virus engine. See
When using the trial, you can switch from one engine to the other in the Registration screen.
After the trial expires, you need to purchase an iCard for the anti-virus engine you want to use
and register it in the Registration > Service screen. You must use the ZyXEL anti-virus iCard
for the ZyXEL anti-virus engine and the Kaspersky anti-virus iCard for the Kaspersky anti-
virus engine. See
for details.
Virus and Worm
A computer virus is a small program designed to corrupt and/or alter the operation of other
legitimate programs. A worm is a self-replicating virus that resides in active memory and
duplicates itself. The effect of a virus attack varies from doing so little damage that you are
unaware your computer is infected to wiping out the entire contents of a hard drive to
rendering your computer inoperable.
legitimate programs. A worm is a self-replicating virus that resides in active memory and
duplicates itself. The effect of a virus attack varies from doing so little damage that you are
unaware your computer is infected to wiping out the entire contents of a hard drive to
rendering your computer inoperable.
ZyWALL Anti-Virus Scanner
The ZyWALL has a built-in signature database. Setting up the ZyWALL between your local
network and the Internet allows the ZyWALL to scan files transmitting through the enabled
interfaces into your network. As a network-based anti-virus scanner, the ZyWALL helps stop
threats at the network edge before they reach the local host computers.
network and the Internet allows the ZyWALL to scan files transmitting through the enabled
interfaces into your network. As a network-based anti-virus scanner, the ZyWALL helps stop
threats at the network edge before they reach the local host computers.
You can set the ZyWALL to examine files received through the following protocols:
• FTP (File Transfer Protocol)
• HTTP (Hyper Text Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• POP3 (Post Office Protocol version 3)
• IMAP4 (Internet Message Access Protocol version 4)
How the ZyWALL Anti-Virus Scanner Works
The following describes the virus scanning process on the ZyWALL.
1 The ZyWALL first identifies SMTP, POP3, IMAP4, HTTP and FTP packets through
standard ports.
2 If the packets are not session connection setup packets (such as SYN, ACK and FIN), the
ZyWALL records the sequence of the packets.
3 The scanning engine checks the contents of the packets for virus.
4 If a virus pattern is matched, the ZyWALL removes the infected portion of the file along
4 If a virus pattern is matched, the ZyWALL removes the infected portion of the file along
with the rest of the file. The un-infected portion of the file before a virus pattern was
matched still goes through.
matched still goes through.
5 If the send alert message function is enabled, the ZyWALL sends an alert to the file’s
intended destination computer(s).