Understanding FTP Antivirus Scanning

If antivirus scanning is enabled for File Transfer Protocol (FTP) traffic in a content security profile, the security device monitors the control channel and, when it detects one of the FTP commands for transferring data, it scans the data sent over the data channel.

This is a general description of how FTP traffic is intercepted, scanned, and acted upon by the antivirus scanner:

  1. A local FTP client opens an FTP control channel to an FTP server and requests the transfer of some data.
  2. The FTP client and server negotiate a data channel over which the server sends the requested data. The security device intercepts the data and passes it to the antivirus scan engine, which scans it for viruses.
  3. After completing the scan, the device follows one of two courses:
    • If there is no virus, the device forwards the data to the client.
    • If there is a virus, the device replaces the data with a drop message in the data channel and sends a message reporting the infection in the control channel.

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.