Antivirus detection on the USG6000

The antivirus function detects and processes virus files by using a professional intelligent detection engine based on a virus signature database that is updated constantly. Virus detection and processing are described as follows:
1. Virus detection
Virus detection is performed by the intelligent detection engine. After traffic flows into the intelligent detection engine, the engine:
(1) Performs in-depth analysis on the traffic and identifies the protocol type of the traffic and the file transmission direction.
(2) Determines whether virus detection is supported for the file transmission protocol and the file transmission direction.
The USG6000 supports virus detection for files transmitted through the following protocols: FTP, HTTP, POP3, SMTP, IMAP, NFS, and SMB.
The USG6000 supports virus detection for files transmitted in different directions.
a. Upload: The client sends files to the server.
b. Download: The server sends files to the client.
(3) Virus detection
The intelligent detection engine extracts the signature of a file meeting virus detection conditions, and matches the extracted signature with the signatures in the virus signature database. If the signature is matched, this file is a virus file and is processed based on the configuration file. If the signature is not matched, the file is transmitted.
The virus signature database contains common virus signatures collected by Huawei. The virus signature database defines common virus signatures and assigns a unique virus ID to each virus signature. After the virus signature database is loaded to the device, viruses defined in the signature database can be identified. The virus signature database must be updated from the security center (sec.huawei.com) constantly to ensure that latest viruses are identified in a timely manner.

2. Antivirus processing
When a virus file is detected:
(1) The intelligent detection engine determines whether the virus file is a virus exception. If so, the file is transmitted.
(2) If the virus file is not a virus exception, the intelligent detection engine determines whether the virus file is an application exception. If so, the specified action (transmitting the file, raising an alarm, or blocking the file) is taken.
(3) If the virus file is not a virus exception or an application exception, the action specified in the configuration file is taken.

Scroll to top