Virus Blockers (Common) FAQs

From Edge Threat Management Wiki - Arista
Revision as of 06:37, 30 June 2015 by Dmorris (talk | contribs)


If I use the Untangle Server, do I need to install virus software on individual network computers?

If you have Untangle's Virus Blockers running on the Untangle Server, the server scans all inbound and outbound email traffic that passes through it. This is your first layer of protection. Imagine this scenario:

Angela is a Resume Writer at Angelic Resumes, Inc. One day she works from a remote location, and downloads an infected file from the Internet to her personal laptop, then to her USB drive. She returns to the office the next day, and, using the USB drive, saves the infected file directly to her desktop computer. Her desktop computer is now infected with a virus. To make matters worse, she emails that file to her coworkers. Her coworkers download the file, and now their desktops are also infected.

In this scenario, the file was transferred without going through the Untangle Server. If Angela had emailed the file to her coworkers' work email accounts from her personal email account, that email would have passed through the Untangle Server, and the Untangle Server would have prevented the virus from entering your protected network.

Because you cannot fully ensure that all traffic enters and exits through your Untangle Server, Untangle recommends an additional layer of protection. Consider installing anti-virus software on all network desktops and laptops.

What happens to virus hoaxes?

Spam Blocker, not Virus Blocker or Kaspersky Virus Blocker, blocks virus hoaxes because this type of email is spam, and does not carry an actual virus.

If I have both virus blockers installed, are one or both used and in which order?

If you have both virus scanners installed, Virus Blocker is applied to a message first; if and only if the message passes Virus Blocker, Virus Blocker Lite is then applied to it (there is no point in scanning the message twice if the first scanner has rejected it). This is not to say that one scanner is inherently better than the other: Virus Blocker is complemented by Virus Blocker Lite. For a virus-free message, the computational overhead of the virus scan includes both scanners, whereas a message that would be rejected by both scanners incurs the computational and time cost of just KAV. To perform a valid comparison, run test messages through the Untangle Gateway with no scanners installed, with Virus Blocker by itself, with Virus Blocker Lite by itself, and lastly with both scanners installed together, then compare the results.

How can I test that viruses are being blocked?

An easy way to test HTTP virus scanning is to download the EICAR test file from a machine behind Untangle. If virus scanning is not working, the file will download successfully (it is harmless). If it is working, a block page will be displayed.

Why does the Event Log say this file is blocked, but I can still download it?

When downloading over the web, small files are blocked with a block page. Larger files are treated differently: they are fed to the client at a slower rate than they are actually downloaded, so that the client does not time out while the download happens. After Untangle scans the complete file, it either refuses to send the rest if there is a virus, or immediately sends the rest. This means that for large files the event log says the file is "blocked", and checking the file size on the client will show that you do not actually have the complete file.
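A client-side check for the two outcomes described in the answers above (a block page for small files, an incomplete file for large ones), as an added example that is not Untangle's own code. The function name, verdict labels and sample responses are assumptions constructed for illustration; `EICAR` is the standard 68-byte test string.

```python
import hashlib
from typing import Optional

# Standard 68-byte EICAR test string (harmless), split in two so that this
# source file is less likely to be flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def classify_download(body: bytes, reference: bytes,
                      declared_length: Optional[int] = None) -> str:
    """Compare what the client received with the original test file.

    body            -- bytes the client actually saved
    reference       -- the original file as it exists on the server
    declared_length -- Content-Length from the response, if there was one
    Verdict labels are this example's own (hypothetical), not Untangle's.
    """
    same = hashlib.sha256(body).digest() == hashlib.sha256(reference).digest()
    if same:
        return "delivered"   # complete file arrived: scanning did not block it
    if declared_length is not None and len(body) < declared_length:
        return "truncated"   # fewer bytes than promised: the rest was withheld
    if body and len(body) < len(reference) and reference.startswith(body):
        return "truncated"   # strict prefix of the original, no length header
    return "replaced"        # different content, e.g. a block page


def demo() -> dict:
    # All responses below are constructed sample data, not captured traffic.
    large = b"A" * 100_000 + EICAR            # stand-in for a large download
    block_page = b"<html><body>constructed block page</body></html>"
    return {
        "small_unscanned": classify_download(EICAR, EICAR, len(EICAR)),
        "small_blocked": classify_download(block_page, EICAR, len(block_page)),
        "large_blocked": classify_download(large[:60_000], large, len(large)),
        "large_blocked_chunked": classify_download(large[:60_000], large),
        "large_unscanned": classify_download(large, large, len(large)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A "truncated" verdict alongside a "blocked" entry in the event log is the large-file behaviour described above, not a scanning failure.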

Emails with larger attachments somehow disappear or are not delivered. Why?

While Untangle is scanning attachments, your email server is still waiting for the message, most likely triggering a timeout setting. If you're using MS Exchange, you'll want to increase the ConnectionInactivityTimeout setting.