To select antiviruses and set their parameters, open the Antivirus tab in Configuration → Content Filtering → Antivirus. Ob this tab, you can select the integrated McAfee module, an external antivirus, or both.
If both antiviruses are used, each transferred object (downloaded file, an email attachment, etc.) will be first checked by the integrated McAfee antivirus module and then by the other antivirus (a selected external antivirus).
To enable the integrated McAfee antivirus, enable Use integrated McAfee antivirus engine in the Antivirus tab. This option is not available unless the license key for WinRoute includes a license for the McAfee antivirus or in trial versions. For detailed information about the licensing policy, read chapter 4 Product Registration and Licensing4 Product Registration and Licensing.
Use the Integrated antivirus engine section in the Antivirus tab to set update parameters for McAfee.
Time interval of checks for new updates of the virus database and the antivirus engine (in hours).
If any new update is available, it will be downloaded automatically by WinRoute.
If the update attempt fails (i.e. the server is not available), detailed information about the attempt will be logged into the Error log (refer to chapter 22.8 Error Log).
Each download (update) attempt sets the Last update check performed value to zero.
To make the antivirus control as mighty as possible, it is necessary that the antivirus module is always equipped by the most recent version of the virus database. Therefore, it is recommended to keep automatic updates running and not to set too long intervals between update checks (update checks should be performed at least twice a day).
Information regarding the age of the current database.
Note: If the value is too high, this may indicate that updates of the database have failed several times. In such cases, we recommend you to perform a manual update check by the button and view the Error log.
Time that has passed since the last update check.
Database version that is currently used.
McAfee scanning engine version used by WinRoute.
Use this button for immediate update of the virus database and of the scanning engine.
After you run the update check using the
button, an informational window displaying the update check process will be opened. You can use the button to close it — it is not necessary to wait until the update is finished.If updated successfully, the version number of the new virus database or/and the new antivirus version(s), as well as information regarding the age of the current virus database will be displayed. If the update check fails (i.e. the server is not available), an error will be reported and detailed information about the update attempt will be logged into the Error log.
Each download (update) attempt sets the Last update check performed value to zero.
For external antivirus, enable the Use external antivirus option in the Antivirus tab and select an antivirus to be employed from the combo box. This menu provides all external antivirus programs supported in WinRoute by special plugins.
External antivirus must be installed before it is set in WinRoute, otherwise it is not available in the combo box. It is recommended to stop the WinRoute Firewall Engine service before an antivirus installation.
Use the Options button to set advanced parameters for the selected antivirus. Dialogs for individual antiviruses differ (some antivirus programs may not require any additional settings). For detailed information about installation and configuration of individual antivirus programs, refer to http://www.kerio.com/kwf.
Click Error log (see chapter 22.8 Error Log).
to test the selected antivirus. If the test is passed successfully, the antivirus will be used from the moment on. If not, an error is reported and no antivirus will be set. Detailed information about the failure will be reported in theCheck items in the Settings section of the Antivirus tab to enable antivirus check for individual application protocols. By default, antivirus check is enabled for all supported modules.
In Settings, maximum size of files to be scanned for viruses at the firewall can be set. Scanning of large files are demanding for time, the processor and free disk space, which might affect the firewall's functionality dramatically. It might happen that the connection over which the file is transferred is interrupted when the time limit is exceeded.
The optimal value of the file size depends on particular conditions (the server's performance, load on the network, type of the data transmitted, antivirus type, etc.). Caution! We strongly discourage administrators from changing the default value for file size limit. In any case, do not set the value to more than 4 MB.
Parameters for HTTP and FTP scanning can be set in the HTTP and FTP scanning (refer to chapter 13.3 HTTP and FTP scanning), while SMTP and POP3 scanning can be configured in the Email scanning tab (see chapter 13.4 Email scanning).
In case of SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network — incoming email at the local SMTP server). Checks of outgoing SMTP traffic (from the local network to the Internet) might cause problems with temporarily undeliverable email — for example in cases where the destination SMTP server uses so called greylisting.
To perform smooth checks of outgoing traffic, define a corresponding traffic rule using the SMTP protocol inspector. Such rule may be useful for example if clients in the local network send their email via an SMTP server located in the Internet. Checking of outgoing SMTP traffic is not apt for local SMTP servers sending email to the Internet.
An example of a traffic rule for checking of outgoing SMTP traffic is shown at figure 13.6 An example of a traffic rule for outgoing SMTP traffic check.
Substandard extensions of the SMTP protocol can be used in case of communication of two Microsoft Exchange mailservers. Under certain conditions, email messages are transmitted in form of binary data. In such a case, WinRoute cannot perform antivirus check of individual attachments.
In such cases, it is recommended to use an antivirus which supports Microsoft Exchange and not to perform antivirus check of SMTP traffic of a particular server in WinRoute. To achieve this, disable antivirus check for SMTP protocol or define a corresponding traffic rule where no protocol inspector will be applied (see chapter 7.7 Partial Retirement of Protocol Inspector).