12.6. Proxy Virus Scanner

The proxy virus scanner can scan all of the data that passes through the proxy to detect viruses. First, the complete file is loaded onto the Intra2net system and checked there. If it is virus-free, it is passed to the browser. If it is infected, the transfer is immediately stopped.

Since the user only receives a general error message, all subsequent access to an advisory page is redirected ("locked") at the same time. The virus found, the URL, etc. is displayed there. The user can confirm ("unlock") this by clicking on a link.

If the user is downloading a larger file, they will notice that they must wait for the complete file. In order to give the user feedback on the download progress, the Intra2net system always transmits exactly one 1024th of the data it receives. For example, if the browser shows 50 bytes/sec. then the actual download speed received by the Intra2net system is 50 KBytes / sec.

Multimedia data can also be streamed using the HTTP protocol, and as the virus scanner can only scan complete files, the proxy virus scanner will block it. To make streaming possible, the proxy virus scanner can be deactivated under Services > Proxy > Antivirus for certain data types and for certain domains.

The Virus Scanner allows cloud-based virus detection. Checksums are calculated from executable files and sent to a data center. If the checksums are known to be malicious, access to them is blocked. This significantly reduces the time between the first occurrence of a virus and detection. For data protection reasons, cloud-based virus detection only sends checksums and file names to the data center, and not complete files.

In addition to viruses and Trojans, the virus scanner can also detect adware and spyware. Should such a detected program have utility, then detection can be switched off.

The virus scanner contains a component for detecting macro viruses using heuristic analysis. The detection level for heuristics can be adjusted. At higher detection levels, more macros can be recognized as a virus, but this also could result in an increased proportion of files wrongly detected as a virus.