Untangle Virus Blocker Overview:
Stop virus outbreaks before they reach users' desktops.
With an intuitive GUI and the ability to scan multiple
protocols, Untangle makes it easier for administrators
to:
- Protect users from virus threats over web (http),
email (SMTP, POP & IMAP) and file transfer (FTP)
protocols
- Scan archives and compressed files like Zip,
RAR, Tar and many others
- Ensure that signatures are always current with
automatic updates
Viruses can disrupt business, destroy data, and spread
to your customers—a scenario that no business owner
ever wants to face. You can now protect your entire
network from virus threats with our purpose-built antivirus
application. Whether it’s viruses, worms, Trojans or other
malware, our Virus Blocker keeps emails, webmail, downloads
and file transfers safe with the latest advances in
antivirus technology, and works within a variety of
different protocols.
Your business gets full, comprehensive virus protection,
updated regularly, so you’ll always have the most current
protection available. Plus, you’ll also get the big
picture view of your antivirus environment, including
what viruses are being blocked.
Key Features:
- Open source & Free under the GNU General Public
License (GPL)
- Unlike desktop solutions, Untangle sits at the
network gateway so there is only one application
to keep up-to-date, and Untangle does that automatically
- Protection on the most common email protocols
SMTP, IMAP, and POP
- Protection for webmail and file transfer via
HTTP and FTP protocols, an increasingly common route
for infection
- Reports and event logs show you what viruses
are being blocked on the network

Technical Specifications:
Virus Blocker and Kaspersky Virus Blocker protect
your network against viruses. Viruses infect networks
in many different ways, so our Virus Blocking applications
scan numerous protocols for viral signatures including:
- Email: SMTP, POP, IMAP
- Web: HTTP
- File Transfer: FTP
Virus Blocker is based on an open source virus scanner,
ClamAV, while Kaspersky Virus Blocker leverages Kaspersky.
Both applications:
- Detect viruses, worms, and trojan horses
- Scan within archives and compressed files: Zip,
RAR, Tar, Gzip, Bzip2, MS OLE2, MS Cabinet Files,
MS CHM, and MS SZDD
- Protect against archive bombs, files that are
repeatedly compressed. Such files cause other virus
scanners or programs to crash or hang by consuming
all CPU resources. Intensive resource consumption
can occur when other virus scanners scan numerous
levels of files within files; however, Untangle
Virus Blocker products thwart this technique
What It Does
Transparently scans HTTP, FTP, SMTP, POP and IMAP
traffic for viral signatures
How It Does It
Virus Blocker and Kaspersky Virus Blocker use on-the-fly
decompression of archive files for scanning and can
scan arbitrarily large files
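The archive-bomb protection and on-the-fly decompression described above can be pictured as a bounded walk through nested archives. The following is an added example, not Untangle's or ClamAV's code: the limits MAX_DEPTH and MAX_TOTAL, the function names and the sample inputs are assumptions, and only gzip and Zip are handled.

```python
import gzip, io, zipfile
MAX_DEPTH = 4            # assumed policy: nesting levels allowed
MAX_TOTAL = 1 << 20      # assumed policy: 1 MiB budget for all decompressed bytes
CHUNK = 64 * 1024        # decompress in small pieces so the budget trips early

class ArchiveBomb(Exception): pass

def read_bounded(stream, state):
    """Decompress chunk by chunk, charging every chunk to one shared budget."""
    out = bytearray()
    while chunk := stream.read(CHUNK):
        state["total"] += len(chunk)
        if state["total"] > MAX_TOTAL:
            raise ArchiveBomb("decompressed size budget exceeded")
        out += chunk
    return bytes(out)

def walk(data, depth, state, leaves):
    if depth > MAX_DEPTH:
        raise ArchiveBomb("nesting depth limit exceeded")
    if data[:2] == b"\x1f\x8b":                      # gzip magic
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as g:
            walk(read_bounded(g, state), depth + 1, state, leaves)
    elif data[:4] == b"PK\x03\x04":                  # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                with z.open(info) as member:
                    walk(read_bounded(member, state), depth + 1, state, leaves)
    else:
        leaves.append(data)                          # leaf: goes to the signature scanner

def inspect(data):
    """Return ("scan", leaf_count) or ("blocked", reason) for one file."""
    state, leaves = {"total": 0}, []
    try:
        walk(data, 0, state, leaves)
    except ArchiveBomb as exc:
        return ("blocked", str(exc))
    return ("scan", len(leaves))

def nested_gzip(payload, levels):                    # constructed sample, harmless bytes
    for _ in range(levels):
        payload = gzip.compress(payload)
    return payload

def sample_zip():                                    # constructed sample, harmless bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("note.txt", b"plain text")
        z.writestr("inner.gz", gzip.compress(b"hello"))
    return buf.getvalue()
```

Because the byte budget is shared across every level and member, a file that is shallow but expands enormously is stopped as reliably as one that is nested many levels deep.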
Controls
- Can be configured to scan incoming and/or outgoing
by traffic type
- In addition,
- HTTP: configurable scanning by file extension
or MIME type
- SMTP: action on detection can be set to
remove infection, block or pass message, with
or without sender and/or receiver notification
- POP and IMAP: action on detection can be
set to remove infection or pass message (the
nature of POP and IMAP protocols prevents messages
from being blocked, but they can be scanned
and cleansed)
- FTP and HTTP: “download resume” can be disabled
- Scan trickle rate can be configured to support
very large files
Virus Blocker FAQs:
How do Untangle Server's Virus Blockers compare
to "brand-name" virus blockers?
According to an independent evaluation, Virus
Blocker "beats the pants off its commercial competition".
If I use the Untangle Server, do I need to install
virus software on individual network computers?
If you have Untangle's Virus Blockers running
on the Untangle Server, the Untangle Server scans
all inbound and outbound email traffic that goes
through the Untangle Server. This protection
is your first layer of protection. Imagine this
scenario:
Angela is a Resume Writer at Angelic Resumes,
Inc. One day she works from a remote location,
and downloads an infected file from the Internet
to her personal laptop, then to her USB drive.
She returns to the office the next day, and,
using the USB drive, saves the infected file
directly to her desktop computer. Her desktop
computer is now infected with a virus. To make
matters worse, she emails that file to her coworkers.
Her coworkers download the file, and now their
desktops are also infected.
In this scenario the file was transferred without
going through the Untangle Server. If Angela had
emailed the file to her coworkers' work email accounts
from her personal email account, that email would
have passed through the Untangle Server, and the
Untangle Server would have prevented the virus from
entering your protected network.
Because you cannot fully ensure that all traffic enters
and exits through your Untangle Server, Untangle recommends
an additional layer of protection. Consider installing
anti-virus software on all network desktops and
laptops.
For Email, why is blocking (or quarantining) of emails
when a virus is detected not always an option?
Only the SMTP protocol allows the Untangle Server
to block email messages. The details of the POP
and IMAP protocols do not allow the Untangle Server
to block or quarantine email messages.
When configuring my Untangle Server to mark virus
emails received over IMAP, the subject of the mails
changes to [VIRUS]... only after I click on the message.
Why?
Most IMAP clients first fetch summary information
about emails (subject, sender) so the end user can
see a preview list of messages. Only when the user
selects (clicks on) the message is the actual content
of the message retrieved from the server and the
Untangle Server is able to scan the message. Unfortunately,
some email clients do not detect the change in subject
and update their preview list when the Untangle
Server marks the message.
What happens to virus hoaxes?
Spam Blocker, not Virus Blocker or Kaspersky
Virus Blocker, blocks virus hoaxes because this
type of email is spam, and does not carry an actual
virus.
If I have both virus blockers installed, are one
or both used and in which order?
If you have only one virus blocker installed
then only that scanner will be applied, according
to the settings you have established, assuming the
Rack element is powered up. If you have two virus
scanners installed then the "for fee" service is
applied to a message first: if a message passes
the "for fee" scanner then and only then the open
source scanner is applied to the message (there's
no point in scanning the message twice if the first
scanner has rejected it). This is not to say one
scanner is inherently better than the other: we
point this out in the event you are evaluating the
two scanners against one another to determine which
or both best fits your needs. In this case, note
that the "for fee" scanner is complemented
by the open source scanner and in the case of a
virus-free message, the computational overhead of
the virus scan includes both scanners,
whereas a message that would be rejected by both
scanners incurs the computational and time cost
of just the "for fee" scanner. So, to perform a
valid comparison, you should run test messages through
the Untangle Gateway with no scanners installed,
the "for fee" scanner by itself, the open source
scanner by itself and lastly both
scanners installed together and compare the results.
How can I test that viruses are being blocked?
An easy way to test HTTP virus scanning is to
download the EICAR test file from a machine behind Untangle.
If virus scanning is not working, the file will download
successfully (it is harmless). If it is working,
a block page will be displayed.
Hardware Requirements:
- The Untangle Server requires a dedicated PC
installed at the gateway to your network.
- Your hardware does not need an operating system;
the Untangle Server installs its own operating
system.
- The Untangle Server software completely erases
any content or data that may exist on your PC hard
drive.
Sizing Guidance
Recommended Configurations (New Hardware)
When purchasing new hardware, spending a couple of
extra dollars to meet the following recommended configurations
provides the best value.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |
Verified Configurations (Trials, Refurbished or
Repurposed Hardware)
These are the lowest verified hardware configurations
that provide reliable — albeit sometimes slower — performance
in production. However, it may be possible for organizations
with lower than average network traffic or organizations
that do not wish to use all of the modules to run Untangle
on smaller systems.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | 800 MHz | 1.2 GHz | 1.6 GHz |
| Memory | 512 MB | 1 GB | 2 GB |
| Hard Drive | 20 GB | 30 GB | 40 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |