Configuring the SonicWALL Gateway Anti-Virus

To configure SonicWALL Gateway Anti-Virus to begin protecting your network, you need to perform the following steps:

  1. Select the global icon, a group, or a SonicWALL appliance.
  2. Expand the Security Services tree and click Gateway AntiVirus. The Gateway AntiVirus screen displays.
  3. You can manually update your SonicWALL GAV database at any time by clicking the Update button. However, by default, the SonicWALL security appliance running SonicWALL GAV automatically checks for new signatures once an hour.
  4. Check the Enable Gateway Anti-Virus checkbox.
  5. If you have SonicWALL GMS-managed SonicWALL firewall appliances running SonicOS Standard, select the interface you want to enable Gateway Anti-Virus on. You can select from WAN, LAN/WorkPort, DMZ/HomePort/WLAN/OPT.
  6. Check the boxes corresponding to the Protocols you wish to enforce Inbound and Outbound inspection on.

Note: If your SonicWALL firewall appliance is running SonicOS Enhanced, you must enable Gateway Anti-Virus on the appropriate zone in the Network > Zones page before continuing.

Configuring GAV Settings

Perform the following steps to configure SonicWALL Gateway Anti-Virus settings and notification preferences:





  1. Select Enable Client Notification Alerts to send relevant blocked file notifications to users of the SonicWALL Desktop Anti-Virus client.
  2. Select Disable SMTP Responses to suppress the sending of email notifications when viruses are blocked at the gateway.
  3. Select Disable detection of EICAR test virus to ignore this test file. The EICAR file is a small file (not actually a real virus) often used to test how virus protection mechanisms respond to a threat.
  4. Do not check the options for Enable HTTP Byte-Range requests with Gateway AV or Enable FTP ‘REST’ requests with Gateway AV unless directed to do so by a SonicWALL representative.
  5. Select Enable HTTP Clientless Notification Alerts to enable alerts about blocked content for clients who do not have SonicWALL Client Anti-Virus installed. These alerts are delivered by way of a standard HTML browser window. You may also enter a message below if using this notification type.
  6. If Enable Gateway AV Exclusion List is enabled, the SonicWALL security appliance bypasses AV enforcement for a specified IP range. This requires the addition of an IP range.

Configuring GAV Protocols

Because SonicWALL GAV is aware of the application-level protocol that is transporting the violation, it can perform specific actions within the context of that application to gracefully handle the rejection of the payload.

  1. Select which types of traffic to Enable Inbound Inspection for.
  2. To scan outgoing SMTP mail, select to Enable Outbound Inspection on SMTP.
  3. For more granular control over protocol traffic inspection, click the settings icon for each of the protocols you choose. The settings window displays and allows you to restrict transfer of the following possibly dangerous file types:

    Table 20: Gateway AV File Restrictions

    File Type - Security Issues

    Password protected ZIP files - This option only functions on protocols (e.g. HTTP, FTP, SMTP) that are enabled for inspection.

    MS-Office type files containing macros - Transfers of any MS Office 97 and above files that contain VBA macros.

    Packed executable files (UPX, FSG, etc.) - Disables the transfer of packed executable files. Packers are utilities which compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file.

  4. Click the Configure Gateway AV Settings link. The Gateway AV settings window displays. This window allows you to configure client notification alerts and create a SonicWALL GAV exclusion list.
  5. To download the latest signature database from mysonicwall.com, click the Update Gateway AV Signature Database link.
  6. Click the Update button when you are ready to save your changes.
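
Each of the three file-type restrictions in Table 20 corresponds to a structural marker that can be checked when triaging a file the gateway refused to transfer. The Python below is an added example, not SonicWALL code and not a description of how GAV detects these types. It assumes the ZIP encryption flag, the OOXML macro part name vbaProject.bin and UPX's default section names; it does not parse legacy OLE Office files or FSG, and all function names and sample builders are hypothetical.

```python
import io
import struct
import zipfile

def zip_findings(data: bytes) -> set:
    """Encrypted members and VBA macro parts found in a ZIP/OOXML container."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                found.add("password-protected-zip")
            if info.filename.lower().endswith("vbaproject.bin"):  # OOXML macro part
                found.add("office-macros")
    return found

def pe_section_names(data: bytes) -> list:
    """PE section names, or [] when the bytes are not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 of the PE header
    count, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe_off + 6)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    raw = [data[table + 40 * i:table + 40 * i + 8] for i in range(count)]
    return [r.rstrip(b"\0").decode("ascii", "replace") for r in raw if len(r) == 8]

def classify(data: bytes) -> set:
    """Table 20 categories a file falls under (UPX only; legacy OLE not parsed)."""
    found = zip_findings(data) if zipfile.is_zipfile(io.BytesIO(data)) else set()
    if any(n.startswith("UPX") for n in pe_section_names(data)):
        found.add("packed-executable")
    return found

def sample_pe(sections):
    """Constructed minimal PE headers carrying only the given section names."""
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    return head + b"".join(struct.pack("<8s32x", s.encode()) for s in sections)

def sample_zip(member, encrypted=False):
    """Constructed one-member ZIP; 'encrypted' only sets the header flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:  # zipfile reads member flags from the central directory
        raw[raw.index(b"PK\x01\x02") + 8] |= 1
    return bytes(raw)
```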

Viewing SonicWALL GAV Signatures

The Gateway Anti-Virus Signatures section allows you to view the contents of the SonicWALL GAV signature database. All the entries displayed in the Gateway Anti-Virus Signatures table are from the SonicWALL GAV signature database downloaded to your SonicWALL security appliance.

Note: Signature entries in the database change over time in response to new threats.

Displaying Signatures

You can display the signatures in a variety of views using the View Style menu.

Use Search String - Allows you to display signatures containing a specified string entered in the Lookup Signatures Containing String field.

All Signatures - Displays all the signatures in the table, 50 to a page.

0 - 9 - Displays signature names beginning with the number you select from the menu.

A-Z - Displays signature names beginning with the letter you select from the menu.

Navigating the Gateway Anti-Virus Signatures Table

The SonicWALL GAV signatures are displayed fifty to a page in the Gateway Anti-Virus Signatures table. The Items field displays the table number of the first signature. If you’re displaying the first page of a signature table, the entry might be Items 1 to 50 (of 58). Use the navigation buttons to navigate the table.

Searching the Gateway Anti-Virus Signature Database

You can search the signature database by entering a search string in the Lookup Signatures Containing String field, then clicking the edit (Notepad) icon. The signatures that match the specified string are displayed in the Gateway Anti-Virus Signatures table.