2.4. Web Anti-Virus


2.4.1. Overview

Web Anti-Virus is a service that detects or/and blocks viruses that invade via Web access (HTTP communication) and FTP communication.
This service is used via the SIGs. You need to apply separately for Service Interconnectivity.

2.4.2. Features

The following features are available for Web Anti-Virus.
Feature Overview
Virus Scan
A feature that monitors Web access (HTTP communication) and FTP communication, and executes specified actions when viruses are detected.
The target protocols of this service are HTTP and FTP.

You can select one of the following actions per protocol.
Items Overview
Allow Allows communication without logging.
Alert Monitors Web access (HTTP communication) and FTP communication and detects viruses without blocking. Logs detection status.
Block Monitors Web access (HTTP communication) and FTP communication, detects and blocks viruses. Displays blocked screen to the user. Logs blocking status.

Analysis Capacity

  • Maximum traffic volume: 200 Mbps in total of both directions/service
  • Maximum simultaneous connections: 40,000 sessions/service
Note 1: The above values are best-effort.
Note 2: You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5 services used) by applying additional services. When you need the additional service, please contact us in advance.

2.4.3. Restrictions

Restrictions relating to IP addresses

  • In order to connect the SIGs with Web Anti-Virus, you must have two IP address blocks available. If the IP address block is already being used, NTT Com Group might ask you to change it.
  • NTT Com Group will manage the assigned IP address blocks, and assign IP addresses to the devices that require them.
Restrictions relating to network configuration

  • If you perform Ping monitoring on the VM, you will require an additional Server Segment for direct connection between vFW/INA and the VM.
  • Do not connect the target server segments directly to the vFW/INA.
Other restrictions

  • When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded.

  • The following communications are not targeted for Virus Scan.

    • Encrypted communication (e.g. HTTPS, SFTP)
    • Password-protected files
    • Files compressed by compression algorism other than zip/gzip
    • Files compressed three (3) times or more
  • Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded as a standard function regardless of customer’s configuration.
    (Examples)
    • When the IP header is cut off in the middle
    • When the Port number is 0 (zero)
    • When the TCP flag combination is abnormal and others
  • If devices making up this feature are replaced due to malfunction etc., you will not be able to check device logs or event reports from prior to the replacement via Security Web Portal. In addition, if the active server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports of the period during which the switching occurred from Security Web Portal.

  • Web Anti-Virus does not guarantee that the Web Anti-Virus feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the virus identification algorithms provided by the developers or distributors of the devices making up the Web Anti-Virus feature is not guaranteed.

  • The following information might be provided to the developers or distributors of the devices making up the Web Anti-Virus feature.

    • Configuration information obtained from providing Web Anti-Virus
    • Information concerning detection etc., for Web Anti-Virus
We cannot guarantee recovery from failures that might occur due to incompatibility between Web Anti-Virus and your environment, or failures that occur due to your operations other than those specified by NTT Com group.