SonicWALL Gateway Anti-Virus
SonicWALL TZ 180 TotalSecure
Note: 8-bit encoding is handled natively for all email-based protocols (SMTP, POP3, and
IMAP), since no decoding is required.
SMTP
Capabilities: base64 decoding, zip (including archives) and gzip decompression.
Prevention Mechanism: The message that contains the virus is rejected with a 552 SMTP response,
which removes it from the head of the sent queue and prevents it from being resent. The
connection is then terminated.
POP3
Capabilities: base64 decoding, zip (including archives) and gzip decompression.
Prevention Mechanism: The message that contains the virus is removed from the POP3 server
via the 'DELE' command and the connection is terminated. To download the rest of the messages
from the POP3 server after termination, the user must re-initiate the download process on their
POP3 client.
Note: POP3 client behavior varies from one client to the next. SonicWALL GAV attempts to determine
the type of POP3 client being used, and to compensate for behavioral differences. In rare cases,
some clients may require special GAV settings. These settings are available on the
/diag.html page:
Disable Gateway AV POP3 Auto Deletion - When a POP3 client is identified as Outlook
Express, DELE (delete) message sequencing is tailored to Outlook Express' behavior. This
setting can resolve problems caused by misidentification that are encountered during the
deletion of virus-infected emails.
Disable Gateway AV POP3 UIDL Rewriting - Certain Netscape POP3 clients have
difficulty with the UIDL (unique ID listing, RFC 1939) command. When a POP3 client is
recognized as Netscape, UIDL messages are suppressed, which is allowable because they
are optional. This setting can resolve problems caused by misidentification that are
encountered during the message retrieval process.
IMAP
Capabilities: base64 decoding, zip (including archives) and gzip decompression.
Prevention Mechanism: The connection is terminated, preventing the user from downloading the
mail containing the violation. The user must manually mark the mail deleted and purge it from the
server.
HTTP
Capabilities: zip (including archives), gzip and deflate decompression. The deflate decompression
method is not supported when the HTTP response is chunk-encoded. All HTTP traffic is inspected, not
just TCP port 80. HTTP Byte-Range requests are suppressed to prevent the sectional
retrieval and reassembly of potentially malicious content.
Note: Suppression of HTTP Byte-Range requests may inhibit the use of certain download
accelerator programs that attempt to retrieve files as multiple simultaneous requests.