Dr.Web FTP Filter

During the installation of Dr.Web, Dr.Web FTP Filter is registered as an FTP protocol events handler. Preparing to the anti-virus scanning starts when the client establishes connection to the FTP server. Microsoft ISA Server and Microsoft Forefront TMG processes the data transferred from the client to the server and vice-versa:

1.Analyzing the client requests, Dr.Web FTP Filter defines the time of the file download request.

2.After receiving a request to download a file, Dr.Web FTP Filter checks if the server IP address belongs to the black and white lists of the IP addresses.

3.From the request, Dr.Web FTP Filter picks the name of the requested file and checks file size. If the file size does not exceed the limit (the default file size limit is 0.5 Mbyte), received data will be stored in a memory buffer. If the file exceeds the size limit, data will be saved in a file.

4.The file is partially transferred to the client (80% by default). Then the transfer is paused and Dr.Web FTP Filter checks the file. If the file does not contain threats, the rest of it is transferred to the client, otherwise, the transfer stops. The client does not obtain the whole file, but the virus signature can appear on the client's computer.

If the connection to the FTP server was interrupted because of a threat detection in the dowloaded file, you need to reconnect to the server to continue working with the FTP protocol.