Security Services > Gateway Anti-Virus Dell SonicWALL GAV delivers real-time virus protection directly on the Dell SonicWALL security appliance by using Dell SonicWALL’s IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses the Dell SonicWALL gateway. Building on Dell SonicWALL’s reassembly-free architecture, Dell SonicWALL GAV inspects multiple application protocols, as well as generic TCP streams, and compressed traffic. Because Dell SonicWALL GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis. Dell SonicWALL GAV delivers threat protection directly on the Dell SonicWALL security appliance by matching downloaded or e-mailed files against an extensive and dynamically updated database of threat virus signatures. Virus attacks are caught and suppressed before they travel to desktops. New signatures are created and added to the database by a combination of Dell SonicWALL’s SonicAlert Team, third-party virus analysts, open source developers and other sources. Dell SonicWALL GAV can be configured to protect against internal threats as well as those originating outside the network. It operates over a multitude of protocols including SMTP, POP3, IMAP, HTTP, FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based protocols, to provide administrators with comprehensive network threat prevention and control. Because files containing malicious code and viruses can also be compressed and therefore inaccessible to conventional anti-virus solutions, Dell SonicWALL GAV integrates advanced decompression technology that automatically decompresses and scans files on a per packet basis. Dell SonicWALL GAV delivers real-time virus protection directly on the Dell SonicWALL security appliance by using Dell SonicWALL’s IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses the Dell SonicWALL gateway. Building on Dell SonicWALL’s reassembly-free architecture, Dell SonicWALL GAV inspects multiple application protocols, as well as generic TCP streams, and compressed traffic. Because Dell SonicWALL GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis. Topics: • Dell SonicWALL GAV Multi-Layered Approach • Dell SonicWALL GAV Architecture • Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License • Activating FREE TRIALs • Setting Up Dell SonicWALL Gateway Anti-Virus Protection • Enabling Dell SonicWALL GAV • Applying Dell SonicWALL GAV Protection on Interfaces • Applying Dell SonicWALL GAV Protection on Zones • Viewing Dell SonicWALL GAV Status Information • Updating Dell SonicWALL GAV Signatures • Specifying Protocol Filtering • Enabling Inbound Inspection • Enabling Outbound Inspection • Restricting File Transfers • Configuring Gateway AV Settings • Configuring HTTP Clientless Notification • Configuring a Dell SonicWALL GAV Exclusion List • Cloud Anti-Virus Database • Viewing Dell SonicWALL GAV Signatures Dell SonicWALL GAV Multi-Layered Approach Dell SonicWALL GAV delivers comprehensive, multi-layered anti-virus protection for networks at the desktop, the network, and at remote sites. Dell SonicWALL GAV enforces anti-virus policies at the gateway to ensure all users have the latest updates and monitors files as they come into the network. Figure 40. SonicWALL GAV multi-layer approach Topics: • Remote Site Protection • Internal Network Protection • HTTP File Downloads • Server Protection Remote Site Protection 1 Users send typical e-mail and files between remote sites and the corporate office. 2 Dell SonicWALL GAV scans and analyses files and e-mail messages on the Dell SonicWALL security appliance. 3 Viruses are found and blocked before infecting remote desktop. 4 Virus is logged and alert is sent to administrator. Figure 41. Remove site protection Internal Network Protection 1 Internal user contracts a virus and releases it internally. 2 All files are scanned at the gateway before being received by other network users. 3 If virus is found, file is discarded. 4 Virus is logged and alert is sent to administrator. Figure 42. Internal network protection HTTP File Downloads 1 Client makes a request to download a file from the Web. 2 File is downloaded through the Internet. 3 File is analyzed the Dell SonicWALL GAV engine for malicious code and viruses. 4 If virus found, file discarded. 5 Virus is logged and alert sent to administrator. Figure 43. HTTP file downloads Server Protection 1 Outside user sends an incoming e-mail. 2 E-mail is analyzed the Dell SonicWALL GAV engine for malicious code and viruses before received by e-mail server. 3 If virus found, threat prevented. 4 E-mail is returned to sender, virus is logged, and alert sent to administrator. Figure 44. Server protection