User Guide 19115Gateway AntiVirus and IntrusionPrevention ServiceThere are many methods to attack computers on the Internet. The two primary categories of attack areviruses and intrusions. Viruses, including worms and trojans, are malicious computer programs thatself-replicate and put copies of themselves into other executable code or documents on your com-puter. When a computer is infected, the virus can destroy files or record key strokes. An intrusion iswhen someone launches a direct attack on your computer. Usually the attack exploits a vulnerability inan application. These attacks are created to cause damage to your network, get sensitive information,or use your computers to attack other networks.To help protect your network from viruses and intrusions, you can purchase the optional Gateway Anti-Virus/Intrusion Prevention Service (Gateway AV/IPS) for the Firebox® X Edge e-Series to identify andprevent attacks. The Intrusion Prevention Service and the Gateway AntiVirus Service operate with theSMTP, POP3, HTTP, and FTP proxies. When a new attack is identified, the features that make the virus orintrusion attack unique are recorded. These recorded features are known as the signature. GatewayAV/IPS uses these signatures to find viruses and intrusion attacks when they are scanned by the proxy.You must purchase the Gateway AV/IPS upgrade to use these services. For more information, visit theWatchGuard LiveSecurity® web site at http://www.watchguard.com/store or contact your WatchGuardreseller.WatchGuard cannot guarantee that Gateway AV/IPS can stop all viruses or intrusions, or prevent dam-age to your systems or networks from a virus or intrusion attack.Understanding Gateway AntiVirus SettingsThe Gateway AntiVirus Service works together with the SMTP, POP3, HTTP, and FTP proxies. If you havenot enabled these proxies they are automatically enabled with a default configuration when youenable Gateway AV for that protocol.• If you enable Gateway AntiVirus with the POP3 or SMTP proxy, it finds viruses encoded withfrequently used email attachment methods. If a virus is found, the attachment is removed.Gateway AntiVirus scans all emails with base64, binary, 7-bit, and 8-bit encoding and alluuencoded email. Gateway AntiVirus blocks email that uses binhex encoding.• If you enable Gateway AntiVirus with the HTTP proxy, it finds viruses in content that users try todownload with HTTP, such as web pages. If a virus is found, the user’s connection is dropped. Theuser sees the custom deny message you set with your HTTP proxy configuration.