Back=right
mouse click.
Back=right
mouse click.
FTP > Scan Rules | Virus Scan Rule
IWSVA can scan FTP traffic for both IPv4 and IPv6 servers based on predefined policies.
For the Proxy Deployment mode, IWSVA supports the deployment scenarios that follow and can auto-transition for FTP, HTTP, and HTTPS traffic between the IPv4 and IPv6 networks when deploying IWSVA as a dual stack network environment. This means the IPv4 client can also access an IPv6 server or an IPv6 client can access an IPv4 host with an IWSVA proxy along with an IPv4 client accessing an IPv4 client and an IPv6 client access IPv4 server.
No. |
Client |
Server |
Supported Y/N |
1 |
IPv4 |
IPv4 |
Y |
2 |
IPv6 |
IPv6 |
Y |
3 |
IPv4 |
IPv6 |
Y |
4 |
IPv6 |
IPv4 |
Y |
For other supported deployment modes, IWSVA cannot transition between IPv4 and IPv6 networks as the following table shows.
No. |
Client |
Server |
Supported Y/N |
1 |
IPv4 |
IPv4 |
Y |
2 |
IPv6 |
IPv6 |
Y |
3 |
IPv4 |
IPv6 |
N |
4 |
IPv6 |
IPv4 |
N |
The FTP virus scanning settings are similar to the HTTP scanning settings, with two differences:
FTP scanning does not support user or group-based policies; therefore, one configuration is applied to all clients that access the FTP sites through IWSVA.
The traffic direction to scan can be configured—either to uploads, downloads, or both.
Click Enable FTP Scanning at the top of the page to have IWSVA check incoming and/or outgoing FTP traffic for viruses, malicious code, and other Internet threats. Note: Disabling FTP scanning will not interrupt Internet traffic.
Scan Direction—You can have IWSVA scan FTP upload, download, or both.
Block These File Types—You can have IWSVA block certain file types, before starting the transfer; blocked files are not delivered to the client and are not scanned.
Check the box of a category to select all file types in that category.
Click "Show Details" and uncheck the file types that should be allowed within a check category.
Scan these file types—For the greatest protection against Internet threats, Trend Micro recommends that you scan all file types.
All scannable files: All files are scanned; determination of file type is based on file name only, but since all files are scanned, type is largely irrelevant.
IntelliScan: Only files of a type known to be potentially harmful are scanned; determination of file type is based on the internal file property.
Selected
file extensions: Only files of the type you specify are
scanned; determination of file type is based on file name only.
Compressed File Handling—Compressed files can pose a special security risk. They often contain numerous files any one of which may be harmful and may be password protected to thwart scanning. They can contain hundreds of compression layers, which can slow or stall processing. Malicious hackers can use them to smuggle harmful code past the scanner or take control of the system.
Large file handling—When transferring large files,
users may notice a lag, or the FTP client may time out while IWSVA
is scanning the file. The impact is not usually noticed on transfers
of less than 100MB, but the exact tipping point obviously depends
on bandwidth, hardware, proxy performance, compression layers, and
file size.
A percentage of external data received by IWSVA is sent to the FTP
client in chunks without scanning. The last chunk is sent to
the FTP client to complete the download only after the entire set
of data is received and scanned. Sending smaller chunks not
only maintains the IWSVA - FTP client connection, but also keeps end-users
posted of the download progress.
Quarantined File Handling—Trend Micro recommends that you encrypt quarantined files. The default quarantine directory is:
/var/iwss/quarantine
You can change the location in the Administration > IWSVA Configuration > Quarantine Management page.