Untangle - Professional-Grade Security Solutions

Untangle Virus Blocker

Block Viruses at the Network Gateway

 

Untangle Virus Blocker Overview:

Stop virus outbreaks before they reach users' desktops. With an intuitive GUI and the ability to scan multiple protocols, Untangle makes it easier for administrators to:

  • Protect users from virus threats over web (http), email (SMTP, POP & IMAP) and file transfer (FTP) protocols
  • Scan archives and compressed files like Zip, RAR, Tar and many others
  • Ensure that signatures are always current with automatic updates

Viruses can disrupt business, destroy data, and spread to your customers, a scenario that no business owner ever wants to face. You can now protect your entire network from virus threats with our purpose-built antivirus application. Whether the threat is a virus, a worm, a Trojan or other malware, our Virus Blocker keeps emails, webmail, downloads and file transfers safe with the latest advances in antivirus technology, and works within a variety of different protocols.

Your business gets full, comprehensive virus protection, updated regularly, so you’ll always have the most current protection available. Plus, you’ll also get the big picture view of your antivirus environment, including what viruses are being blocked.

Key Features:

  • Open source & Free under the GNU General Public License (GPL)
  • Unlike desktop solutions, Untangle sits at the network gateway so there is only one application to keep up-to-date, and Untangle does that automatically
  • Protection on the most common email protocols SMTP, IMAP, and POP
  • Protection for webmail and file transfer via HTTP and FTP protocols, an increasingly common route for infection
  • Reports and event logs show you what viruses are being blocked on the network

Technical Specifications:

Virus Blocker and Kaspersky Virus Blocker protect your network against viruses. Viruses infect networks in many different ways, so our Virus Blocking applications scan numerous protocols for viral signatures including:

  • Email: SMTP, POP, IMAP
  • Web: HTTP
  • File Transfer: FTP

Virus Blocker is based on an open source virus scanner, ClamAV, while Kaspersky Virus Blocker leverages Kaspersky. Both applications:

  • Detect viruses, worms, and trojan horses
  • Scan within archives and compressed files: Zip, RAR, Tar, Gzip, Bzip2, MS OLE2, MS Cabinet Files, MS CHM, and MS SZDD
  • Protect against archive bombs, files that are repeatedly compressed. Such files cause other virus scanners or programs to crash or hang by consuming all CPU resources. Intensive resource consumption can occur when other virus scanners scan numerous levels of files within files; however, Untangle Virus Blocker products thwart this technique
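The archive-bomb defence described above can be illustrated with a scanner that caps both nesting depth and the total bytes it will inflate. This is an added example, not Untangle's or ClamAV's code; the limits, the stand-in signature, the Zip-only handling and the fail-closed "blocked" verdict are all assumptions made for illustration.

```python
import io
import zipfile

MAX_DEPTH = 4                 # assumed cap on archive nesting
MAX_TOTAL_BYTES = 1_000_000   # assumed budget of inflated bytes per top-level file
CHUNK = 64 * 1024
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real signature database

class ScanLimitExceeded(Exception):
    """Raised when an archive exceeds the nesting or size budget."""

def _scan(data, depth, budget):
    if SIGNATURE in data:
        return "infected"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "clean"
    if depth >= MAX_DEPTH:
        raise ScanLimitExceeded("nesting deeper than %d levels" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = bytearray()
            with zf.open(info) as fh:
                # Count bytes as they are inflated; sizes in headers can lie.
                while chunk := fh.read(CHUNK):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ScanLimitExceeded("decompressed size over budget")
                    member += chunk
            if _scan(bytes(member), depth + 1, budget) == "infected":
                return "infected"
    return "clean"

def scan(data):
    """Return 'clean', 'infected' or 'blocked' (a limit was hit: fail closed)."""
    try:
        return _scan(data, 0, [MAX_TOTAL_BYTES])
    except (ScanLimitExceeded, zipfile.BadZipFile):
        return "blocked"

def zip_of(name, payload, levels=1):
    """Build a constructed sample: payload wrapped in `levels` nested zips."""
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload = buf.getvalue()
    return payload
```

The byte budget is shared across every level of one top-level file, so a file that is small at each layer but large in aggregate is still stopped.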

What It Does

Transparently scans HTTP, FTP, SMTP, POP and IMAP traffic for viral signatures

How It Does It

Virus Blocker and Kaspersky Virus Blocker use on-the-fly decompression of archive files for scanning and can scan arbitrarily large files

Controls

  • Can be configured to scan incoming and/or outgoing by traffic type
  • In addition,
    • HTTP: configurable scanning by file extension or MIME type
    • SMTP: action on detection can be set to remove infection, block or pass message, with or without sender and/or receiver notification
    • POP and IMAP: action on detection can be set to remove infection or pass message (the nature of POP and IMAP protocols prevents messages from being blocked, but they can be scanned and cleansed)
    • FTP and HTTP: “download resume” can be disabled
  • Scan trickle rate can be configured to support very large files


Virus Blocker FAQs:

How do Untangle Server's Virus Blockers compare to "brand-name" virus blockers?

According to an independent evaluation, Virus Blocker "beats the pants off its commercial competition".

If I use the Untangle Server, do I need to install virus software on individual network computers?

If you have Untangle's Virus Blockers running on the Untangle Server, the Untangle Server scans all inbound and outbound email traffic that goes through the Untangle Server. This protection is your first layer of protection. Imagine this scenario:

Angela is a Resume Writer at Angelic Resumes, Inc. One day she works from a remote location, and downloads an infected file from the Internet to her personal laptop, then to her USB drive. She returns to the office the next day, and, using the USB drive, saves the infected file directly to her desktop computer. Her desktop computer is now infected with a virus. To make matters worse, she emails that file to her coworkers. Her coworkers download the file, and now their desktops are also infected.

In this scenario the file was transferred without going through the Untangle Server. If Angela had emailed the file to her coworkers' work email accounts from her personal email account, that email would have passed through the Untangle Server, and the Untangle Server would have prevented the virus from entering your protected network.

Because you cannot fully ensure that all traffic enters and exits through your Untangle Server, Untangle recommends an additional layer of protection. Consider installing anti-virus software on all network desktops and laptops.

For Email, why is blocking (or quarantining) of emails when a virus is detected not always an option?

Only the SMTP protocol allows the Untangle Server to block email messages. The details of the POP and IMAP protocols do not allow the Untangle Server to block or quarantine email messages.

When configuring my Untangle Server to mark virus emails received over IMAP, the subject of the mails changes to [VIRUS]... only after I click on the message. Why?

Most IMAP clients first fetch summary information about emails (subject, sender) so the end user can see a preview list of messages. Only when the user selects (clicks on) the message is the actual content of the message retrieved from the server and the Untangle Server is able to scan the message. Unfortunately, some email clients do not detect the change in subject and update their preview list when the Untangle Server marks the message.

What happens to virus hoaxes?

Spam Blocker, not Virus Blocker or Kaspersky Virus Blocker, blocks virus hoaxes because this type of email is spam, and does not carry an actual virus.

If I have both virus blockers installed, are one or both used and in which order?

If you have only one virus blocker installed, only that scanner is applied, according to the settings you have established and assuming the Rack element is powered up. If you have two virus scanners installed, the "for fee" service is applied to a message first; the open source scanner is applied only if the message passes the "for fee" scanner (there is no point in scanning the message twice if the first scanner has rejected it). This is not to say one scanner is inherently better than the other; we point this out in case you are evaluating the two scanners against one another to determine which one, or both, best fits your needs. In that case, note that the "for fee" scanner is complemented by the open source scanner: for a virus-free message, the computational overhead of the virus scan includes both scanners, whereas a message that would be rejected by both scanners incurs the computational and time cost of just the "for fee" scanner. So, to perform a valid comparison, run test messages through the Untangle Gateway with no scanners installed, with the "for fee" scanner by itself, with the open source scanner by itself, and lastly with both scanners installed together, then compare the results.

How can I test that viruses are being blocked?

An easy way to test HTTP virus scanning is to download the EICAR test file from a machine behind Untangle. If virus scanning is not working, the file will download successfully (it is harmless). If it is working, a block page will be displayed.

Hardware Requirements:

  • The Untangle Server requires a dedicated PC installed at the gateway to your network.
  • Your hardware does not need an operating system - the Untangle Server installs its own operating system.
  • The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Sizing Guidance

Recommended Configurations (New Hardware)

When purchasing new hardware, spending a couple of extra dollars to meet the following recommended configurations provides the best value.

| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |

Verified Configurations (Trials, Refurbished or Repurposed Hardware)

These are the lowest verified hardware configurations that provide reliable — albeit sometimes slower — performance in production. However, it may be possible for organizations with lower than average network traffic or organizations that do not wish to use all of the modules to run Untangle on smaller systems.

| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | 800 MHz | 1.2 GHz | 1.6 GHz |
| Memory | 512 MB | 1 GB | 2 GB |
| Hard Drive | 20 GB | 30 GB | 40 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |

 


EdgeDefender.com is a division of Virtual Graffiti Inc., an authorized Untangle Reseller.
Copyright © 2010 Untangle. All rights reserved.