GajShield Knowledge Base


How GajShield virus scanning is better than SonicWall virus scanning

There are two ways to do virus scanning:
1) Traditional file-based approach, used by GajShield
2) Packet-by-packet or stream-based virus scanning, as SonicWall calls it

Let us understand how the traditional file-based approach used by GajShield works:

If a file is downloaded from the Internet, it is split into multiple parts (called packets) of approximately 1500 bytes each, and these parts are then sent over the Internet. In the traditional (file-based) approach, the gateway receives all the packets, reassembles them into a complete file and scans it for viruses. If everything is OK, it divides the file into parts again and sends them to the final destination.

SonicWall will claim that the traditional file-based approach introduces delay or latency.

SonicWall's stream-based antivirus has the following three major disadvantages:
 
1) Accuracy: The accuracy of virus detection decreases if a virus is spread over two or more packets. As a result, many virus patterns will not match.

2) Compressed files: With this approach, virus scanning inside compressed files won't work, because most compression mechanisms use a sort of dictionary that is appended at the end of the file. This dictionary is mandatory for decompressing the data part, so all packets would need to be stored until the dictionary is received; otherwise scanning of ZIP files is impossible.

3) No detection of advanced viruses: It is not possible to use advanced virus detection mechanisms such as sandbox simulation or integrity checking. State-of-the-art virus scanners use a simulation engine to simulate how an executable or a Word macro would behave if it were executed on a client system. Depending on the outcome, they know whether it behaves correctly or not. To apply such advanced techniques, however, you again need access to the full file.
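
Points 1 and 2 above, illustrated as an added Python example (not GajShield or SonicWall code). The per-packet scanner is a deliberately simple model that keeps no state between packets, which is an assumption and not a description of any vendor's engine; the signature, file contents and function names are constructed for the demonstration.

```python
import hashlib
import io
import zipfile

PACKET_SIZE = 1500  # approximate packet size given in the article
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless constructed marker, not a real pattern

def split_into_packets(data, size=PACKET_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]

def scan_per_packet(packets):
    """Assumed stateless model: every packet is matched on its own."""
    return any(SIGNATURE in p for p in packets)

def archive_readable(packets):
    """A ZIP index sits at the end of the archive, so it needs the last packet."""
    return zipfile.is_zipfile(io.BytesIO(b"".join(packets)))

def scan_file(packets):
    """File-based model: reassemble, scan raw bytes, then scan ZIP members."""
    data = b"".join(packets)
    if SIGNATURE in data:
        return True
    if not archive_readable(packets):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(SIGNATURE in zf.read(name) for name in zf.namelist())

def make_straddling_file():
    """Marker placed across the boundary between the first two packets."""
    return b"A" * (PACKET_SIZE - len(SIGNATURE) // 2) + SIGNATURE + b"B" * 2000

def make_zip_file():
    """Deflated archive, several packets long, whose member holds the marker."""
    filler = b"".join(hashlib.sha256(bytes([i])).hexdigest().encode() for i in range(200))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("doc.txt", filler[:6400] + SIGNATURE + filler[6400:])
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in (("straddling", make_straddling_file()), ("zip", make_zip_file())):
        pkts = split_into_packets(blob)
        print(label, len(pkts), "packets:",
              "per-packet =", scan_per_packet(pkts),
              "| file-based =", scan_file(pkts),
              "| archive readable without last packet =", archive_readable(pkts[:-1]))
```

In both constructed cases the per-packet model misses the marker and the reassembled scan finds it, and the archive cannot be opened until its final packet has arrived.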
 
Points to raise with a customer
1) Do you want to compromise on virus scanning capability in the name of "new technology" or "speed"?
2) Do you want partial virus scanning, or only "in the wild" virus scanning, which scans only for the most popular viruses at that time and not the older viruses?
3) Viruses arriving in compressed files will still enter your network. This is more dangerous for you, as you may think that the viruses would be stopped at the gateway.
4) Your total cost of ownership will increase, as you will need to deploy another virus scanner at the gateway that can detect all the viruses.