Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13
  1. #11
    Join Date
    Sep 2019


    So this had me really curious to do more reading and my assumptions in my original reply were correct.

    Both pro and lite versions need open protocols to work. So much of the web no longer uses this anymore. The only practical use for this is if you're running an ftp server for support or what have you.

    The cloud resources to supplement the local scan engine is cool and certainly a value added feature but if you're using the SSL Interceptor you will have to rely on the cloud service provider to properly anonymize the (meta)data. The Untangle write up talks a bit about scanning URL's which to me sounds redundant to the webfilter / IPS apps. If the Virus app pulls from another URL DB of known infected sites, then it's value added.

    All that said though, the virus app (lite or pro) is absolutely NOT a replacement for a local antivirus solution installed at the client level. It just can't technically do the same things given the nature where data sits and is moved.

    Side note: It blows my mind to find that Untangle offers a Bitdefender scan engine in their dirt cheap paid home user version. Pfsense and others rely on clam AV which is pale by comparison.

    The full Virus app decompresses and scans archives *IF* they are unencrypted during transit (ie. http/ftp/smtp) AND not encrypted at the file level.

    Virus Lite

    Virus Pro

    Virus Pro Showing Open Protocol Scanning Only

    Virus Pro Options

    Lastly, as you can see by the reports in the paid home version, it's all based on open protocols.

    Last edited by propellherhead333; 05-23-2020 at 11:27 PM.

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Phoenix, AZ


    Yep, and SSL Inspector while valuable... is a giant pain. Which is why I rely on the malware category in web filter.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    Phone: 866-794-8879 x201

  3. #13
    Join Date
    Jun 2020


    Can underline the statements here.... unless SSL is not inspected, only a few traffic is hit by the virus blocker in standard home usage. Ironically, most times virus signature updates for the clients.

    I am using Virus Blocker Lite (ClamAV) and activated ScoutIQ. I think I‘ve read that ScoutIQ is also working with encrypted traffic, but do not exactly know what it does in detail....
    Last edited by bEeReE; 06-26-2020 at 11:19 AM.

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

SEO by vBSEO 3.6.0 PL2