fjulianom
Explorer II
October 29, 2017
Solved

Antivirus and flow-based full scan

Hi guys,

 

I have been reading about Antivirus with both inspection modes and had a doubt. I thought when using Antivirus with flow-based full scan only the IPS engine is used, but the NSE4 course says the following about Antivirus with flow-based full scan: "The IPS engine checks for the rule match and then sends to the AV engine for scanning".

Then, what exactly is the function of the IPS engine if the AV engine scans the file? What does rule match mean?

 

Thanks in advance,

Julián

    tanr (Answer)
    New Member
    October 30, 2017

    I think it's a little more complicated than that.

     

    Life of a Packet http://docs.fortinet.com/uploaded/files/2795/fortigate-optimal-life-54.pdf on pages 20 and 22 shows the flow-based and proxy-based inspection process -- or at least a rough outline of it.

     

    There was some discussion of this a while back: https://forum.fortinet.com/tm.aspx?m=135666.