FTP Virus Scan Rule

FTP > Scan Rules | Virus Scan Rule
IWSVA can scan FTP traffic for both IPv4 and IPv6 servers based on predefined policies.
In Proxy Deployment mode, IWSVA supports the scenarios listed below and, when deployed in a dual-stack network environment, can automatically transition FTP, HTTP, and HTTPS traffic between IPv4 and IPv6 networks. Through the IWSVA proxy, an IPv4 client can access an IPv6 server and an IPv6 client can access an IPv4 server, in addition to an IPv4 client accessing an IPv4 server and an IPv6 client accessing an IPv6 server.
Proxy Deployment Mode Scanning Scenarios Supported

No.   Client   Server   Supported Y/N
1     IPv4     IPv4     Y
2     IPv6     IPv6     Y
3     IPv4     IPv6     Y
4     IPv6     IPv4     Y

For other supported deployment modes, IWSVA cannot transition between IPv4 and IPv6 networks as the following table shows.
Other Deployment Mode Scanning Scenarios Supported

No.   Client   Server   Supported Y/N
1     IPv4     IPv4     Y
2     IPv6     IPv6     Y
3     IPv4     IPv6     N
4     IPv6     IPv4     N

The FTP virus scanning settings are similar to the HTTP scanning settings, with two differences:
  • FTP scanning does not support user-based or group-based policies; therefore, one configuration is applied to all clients that access FTP sites through IWSVA.
  • The traffic direction to scan can be configured: uploads, downloads, or both.
Click Enable FTP Scanning at the top of the page to have IWSVA check incoming and/or outgoing FTP traffic for viruses, malicious code, and other Internet threats.
Note
Disabling FTP scanning will not interrupt Internet traffic.
  • Scan Direction—You can have IWSVA scan FTP uploads, downloads, or both.
  • Block These File Types—You can have IWSVA block certain file types before the transfer starts; blocked files are not delivered to the client and are not scanned.
    • Check the box of a category to select all file types in that category.
    • Click "Show Details" and uncheck the file types that should be allowed within a checked category.
  • Scan these file types—For the greatest protection against Internet threats, Trend Micro recommends that you scan all file types.
    • All scannable files: All files are scanned; determination of file type is based on file name only, but since all files are scanned, type is largely irrelevant.
    • IntelliScan: Only files of a type known to be potentially harmful are scanned; determination of file type is based on the internal file property.
    • Selected file extensions: Only files of the type you specify are scanned; determination of file type is based on file name only.
  • Compressed File Handling—Compressed files can pose a special security risk. They often contain numerous files, any one of which may be harmful, and they may be password protected to thwart scanning. They can contain hundreds of compression layers, which can slow or stall processing. Malicious hackers can use them to smuggle harmful code past the scanner or take control of the system.
  • Large File Handling—When transferring large files, users may notice a lag, or the FTP client may time out while IWSVA is scanning the file. The impact is not usually noticed on transfers of less than 100 MB, but the exact tipping point depends on bandwidth, hardware, proxy performance, compression layers, and file size.
    A percentage of the external data received by IWSVA is sent to the FTP client in chunks without scanning. The last chunk is sent to the FTP client to complete the download only after the entire set of data has been received and scanned. Sending smaller chunks not only maintains the connection between IWSVA and the FTP client, but also keeps end users informed of the download progress.
  • Quarantined File Handling—Trend Micro recommends that you encrypt quarantined files. The default quarantine directory is:
    /var/iwss/quarantine
    You can change the location in the Administration > IWSVA Configuration > Quarantine Management page.
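
The compressed-file risks described under Compressed File Handling (password-protected members, large numbers of files, deep compression layers) can be checked before any content scan takes place. The following Python code is an added example, not Trend Micro or IWSVA code; the limit values, the function names, and the "block"/"scan" verdicts are assumptions chosen for illustration, and it handles ZIP input only.

```python
import io
import zipfile

# Assumed limits for illustration only; not IWSVA defaults or setting names.
MAX_LAYERS = 3
MAX_MEMBERS = 100
MAX_UNPACKED_BYTES = 1024 * 1024


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def triage_archive(data, layer=1, budget=None):
    """Return (verdict, reason) for ZIP bytes before handing them to a scanner."""
    if budget is None:
        budget = {"members": 0, "bytes": 0}  # shared across nested layers
    if layer > MAX_LAYERS:
        return ("block", "too many compression layers")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted member,
            # which cannot be unpacked for scanning without the password.
            if info.flag_bits & 0x1:
                return ("block", "password-protected member")
            budget["members"] += 1
            budget["bytes"] += info.file_size  # declared size, checked before unpacking
            if budget["members"] > MAX_MEMBERS:
                return ("block", "too many files")
            if budget["bytes"] > MAX_UNPACKED_BYTES:
                return ("block", "unpacked size over limit")
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                verdict = triage_archive(body, layer + 1, budget)
                if verdict[0] == "block":
                    return verdict
    return ("scan", "within limits")


if __name__ == "__main__":
    nested = make_zip({"readme.txt": b"constructed sample"})
    for _ in range(3):  # four layers in total, one over the assumed limit
        nested = make_zip({"inner.zip": nested})
    print(triage_archive(nested))
```

The member count and unpacked-size budget are shared across all layers, so an archive cannot stay under the limits by spreading its content over nested archives.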