SonicWALL Gateway Anti-Virus
3
SonicWALL TZ 180 TotalSecure
SonicWALL Gateway Anti-Virus
This section provides an overview to the SonicWALL Gateway Anti-Virus. This section contains
the following subsections:
• GAV Overview
• How Does GAV Work?
• Benefits
• SonicWALL Gateway Anti-Virus/Intrusion Prevention Features
• SonicWALL GAV Multi-Layered Approach
• SonicWALL GAV Architecture
GAV Overview
SonicWALL Gateway Anti-Virus (SonicWALL GAV) is part of the SonicWALL Gateway
Anti-Virus/Intrusion Prevention Service solution that provides unified threat management. The
integration of gateway anti-virus and intrusion prevention delivers intelligent, real-time network
security protection against sophisticated application layer and content-based attacks. Utilizing a
configurable, high-performance deep packet inspection architecture, SonicWALL Gateway
Anti-Virus/Intrusion Prevention Service secures the network from the core to the perimeter against
a comprehensive array of dynamic threats including viruses, worms, Trojans, and software
vulnerabilities, such as buffer overflows, as well as peer-to-peer and instant messenger
applications, backdoor exploits, and other malicious code.
How Does GAV Work?
SonicWALL GAV delivers real-time virus protection directly on the SonicWALL security appliance
by using SonicWALL’s IPS-Deep Packet Inspection v2.0 engine to inspect all traffic that traverses
the SonicWALL gateway. Building on SonicWALL’s reassembly-free architecture, SonicWALL GAV
inspects multiple application protocols, as well as generic TCP streams, and compressed traffic.
Because SonicWALL GAV does not have to perform reassembly, there are no file-size limitations
imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are
also performed on a single-pass, per-packet basis.
SonicWALL GAV delivers threat protection directly on the SonicWALL security appliance by
matching downloaded or e-mailed files against an extensive and dynamically updated database of
threat virus signatures. Virus attacks are caught and suppressed before they travel to desktops.
New signatures are created and added to the database by a combination of SonicWALL’s
SonicAlert Team, third-party virus analysts, open source developers and other sources.
Benefits
SonicWALL GAV can be configured to protect against internal threats as well as those originating
outside the network. It operates over a multitude of protocols including SMTP, POP3, IMAP, HTTP,
FTP, NetBIOS, instant messaging and peer-to-peer applications and dozens of other stream-based
protocols, to provide administrators with comprehensive network threat prevention and control.
Because files containing malicious code and viruses can also be compressed and therefore
inaccessible to conventional anti-virus solutions, SonicWALL GAV integrates advanced
decompression technology that automatically decompresses and scans files on a per packet basis.
