Configuring GAV Protocols

Application-level awareness of the type of protocol that is transporting the violation allows SonicWALL GAV to execute specific actions within the context of the application to gracefully handle the rejection of the payload.

1	Select which types of traffic to Enable Inbound Inspection for.

2	To scan outgoing SMTP mail, select to Enable Outbound Inspection on SMTP.

3	For more granular control over protocol traffic inspection, click the settings icon for each of the protocols you choose. The settings window displays and allows you to restrict transfer of the following possibly dangerous file types:

 

Table 41. Gateway AV File Restrictions

File Type	Security Issues
Password protected ZIP files	This option only functions on protocols (e.g. HTTP, FTP, SMTP) that are enabled for inspection.
MS-Office type files containing macros	Transfers of any MS Office 97 and above files that contain VBA macros.
Packed executable files (UPX, FSG, and so on.)	Disables the transfer of packed executable files. Packers are utilities which compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file.

4	Click the Configure Gateway AV Settings link. The Gateway AV settings window displays. This window allows you to configure client notification alerts and create a SonicWALL GAV exclusion list.

5	To download the latest signature database from mysonicwall.com, click the Update Gateway AV Signature Database link.

6	Click Update when you are ready to save your changes.