Antivirus Settings

Your LANCOM R&S^®Unified Firewall protects your internal network against computer viruses with an integrated Avira virus scanner.

Important:

The virus scanner is included in the UTM license. When you boot your LANCOM R&S^®Unified Firewall for the first time, the virus scanner runs as a test version for 30 days. When this period has expired, the virus scanner is deactivated automatically. For more information, see License.

Navigate to UTM > Antivirus Settings to open an editor panel to display, activate and adjust the antivirus settings for your web and e‑mail proxy.

In the Antivirus Settings dialog you can view and configure the following information:

Input field	Description
License	This field displays the license information for your virus scanner.
Updates	This field shows the date on which the virus scanner tried to update last. Click Update now to update the virus scanner manually.
Last Successful Update	This field shows the time and date of the last successful update of the virus scanner.

Scanner

On the Scanner tab, you can activate or deactivate the virus scanner for e‑mails, HTTP(s) and FTP and modify the antivirus settings.

Note:

When downloading a file it is first downloaded by the LANCOM R&S^®Unified Firewall and only sent to the end device after a negative scan. During this process the download on the LANCOM R&S^®Unified Firewall takes place with full speed. Meanwhile the LANCOM R&S^®Unified Firewall sends a data stream with very low bandwith to the end device in order to keep the download alive. After finishing the process on the LANCOM R&S^®Unified Firewall the file is sent to the end device with full speed. Especially with large downloads this can lead to the impression, that the download speed is too low and there could be a performance issue. However this is a completely normal process.

Input field	Description
Scan archived files	This check box is selected by default. Clear the check box if you do not want the virus scanner to check archived files for viruses.
Enable Cloud Scan	This check box is not selected by default. Activate the check box to allow the scanning of files on Avira Protection Cloud. If the local antivirus application does not identify a file as a threat but as a risk, the file is hashed and will be sent to the Avira Protection Cloud. If the hash is known, this information is sent back as a result If the hash is unknown, the file is uploaded to the Avira Protection Cloud and checked. Important: This comparison only happens if the local antivirus application assesses the file´s risk class as sufficiently high.
Heuristic Analysis	Select the depth of the heuristic analysis from the drop-down list. Binary files are checked for code whose characteristics resemble those of viruses, or if they could cause any other kind of damage. In that way, virus sub-categories can be detected, even iif they have no signature of their own.

The following settings can be set separately for Mail or HTTP(s) and FTP.

Input field	Description
Active	Two slide switches indicate whether the virus scanner for e-mail and/or HTTP(S) and FTP is currently active (I) or inactive (0). Clicking the respective slide switch changes the status of this option. These options are enabled by default for all services.
Max. file size to scan	Set the maximum file size to scan in MB (Min: 1 MB, Max: 4096 MB).
Block files if max. file size limit is exceeded	If a file exceeds the maximum file size for a file to be scanned, then it can be blocked. If you uncheck this option, then the files will be downloaded without antivirus scan.
Block files if scan fails	Activate this check box to block e‑mails and/or the download of HTTP(S) and FTP files that the virus scanner could not check successfully. If an error occurs during the check, the e‑mail will be blocked and the recipient will be informed. If you clear the check box, the recipient will receive a substitute e‑mail with the original e‑mail as an encrypted attachment, together with the password to decrypt it.

Whitelist

On the Whitelists tab, you can add trusted hosts and servers to a whitelist. Data transferred from these hosts via HTTP or FTP as well as e‑mail addresses will not be checked for viruses.

Enter the IP address or domain name of the trusted host or server in the input field Trusted HTTP / FTP Sources.

Note: The entries to display multiple entries using wildcard characters are different for HTTP(S)/FTP and e‑mail.

For HTTP(S)/FTP: To unblock a domain "example.com" including all subdomains like "www.example.com", write ".example.com" with a dot at the beginning. To unblock only the domain "example.com" without subdomains, write "example.com" without a dot at the beginning.
For e‑mail:
- Entries with a dot at the beginning behave exactly like those for HTTP(S)/FTP.
- Entries starting with "*@" or "@" or without "@" in the text are only compared with the domain part of an e‑mail address. The comparison must fit exactly. For instance, @test.de would match all addresses with @test.de, but not @subdomain.test.de, for example.
- A complete e‑mail address only matches exactly this address.

Click to add the host or server to the list.

You can edit or delete single entries in the list by clicking the corresponding button next to an entry.

If you edit an entry, a check box will appear on the right of the entry. Click the check box to apply your changes.

For more information, see Icons and buttons.

Click Export to export your whitelist to the file system. Click Import to import a whitelist.

On Trusted Mail Addresses, you can add trusted e‑mail addresses by selecting one of the following options:

Sender All e‑mails sent from this e‑mail addresses will be excluded from the virus scanner.
Recipient All e‑mails sent to these e‑mail addresses will be excluded from the virus scanner.
Sender / Recipient All e‑mails sent from OR sent to these e‑mail addresses will be excluded from the virus scanner.

Click to add the e‑mail address to the list.

You can edit or delete single entries in the list by clicking the corresponding button next to an entry.

If you edit an entry, a check box will appear on the right of the entry. Click the check box to apply your changes.

Updates

On the Updates tab, you can configure automatic updates for the virus scanner:

Input field	Description
Update Servers	The default update server is: http://cybersecurity.rohde-schwarz.com/updateserver/av Add as many update servers as you wish. In the input field, enter the server´s URL and click . The server will be added to the list. Important: The list of update servers is processed top-down. When an update server can be reached, the other servers will not be contacted during this update process. You can edit or delete single entries in the list by clicking the corresponding button next to an entry. If you edit an entry, a check boxk will appear on the right of the entry. Click the check box to apply your changes. For more information, see Icons and buttons.
Automatic Updates	Enter a date and time for the first automatic update of the virus scanner. You can enter a date in the `MM/DD/YYYY` format or choose a date from the calendar. Set a time using the format `hh:mm:ss`. Enter a Interval in hours, with wich the virus scanner is to be updated. If you enter `0 h`, the update is carried out immediately. Click to add the update plan to the list. You can edit or delete single entries in the list by clicking the corresponding button next to an entry. If you edit an entry, a check box will appear on the right of the entry. Click the check box to apply your changes. For more information, see Icons and buttons.

Input field

Description

Update Servers

The default update server is: http://cybersecurity.rohde-schwarz.com/updateserver/av Add as many update servers as you wish. In the input field, enter the server´s URL and click

. The server will be added to the list.

Important: The list of update servers is processed top-down. When an update server can be reached, the other servers will not be contacted during this update process.

You can edit or delete single entries in the list by clicking the corresponding button next to an entry. If you edit an entry, a check boxk will appear on the right of the entry. Click the check box to apply your changes. For more information, see Icons and buttons.

Automatic Updates

Enter a date and time for the first automatic update of the virus scanner. You can enter a date in the MM/DD/YYYY format or choose a date from the calendar. Set a time using the format hh:mm:ss. Enter a Interval in hours, with wich the virus scanner is to be updated. If you enter 0 h, the update is carried out immediately. Click

to add the update plan to the list. You can edit or delete single entries in the list by clicking the corresponding button next to an entry. If you edit an entry, a check box will appear on the right of the entry. Click the check box to apply your changes. For more information, see Icons and buttons.

If you have modified these settings, use the buttons at the bottom right of the editor panel to confirm (Save) or to discard your changes (Reset). Otherwise, you can close the dialog (Close).

Click Activate in the toolbar at the top of the desktop to apply your configuration changes.

Important:

The antivirus settings for specific protocols (HTTP, FTP, e‑mail) only apply if a proxy for the corresponding protocol is configured and active. To configure a proxy, navigate to the proxy settings and create/edit a firewall rule to activate the proxy for the corresponding protocol (see also HTTP(S) Proxy Settings and E‑mail Security).