ServGate and Network Associates collaborate on antivirus appliance

A gateway appliance from ServGate Technologies uses Network Associates' McAfee antivirus scanning engine to perform edge-based...

A gateway appliance from ServGate Technologies uses Network Associates' McAfee antivirus scanning engine to perform edge-based virus scanning.

ServGate is offering the virus scanning feature on its SG300 and EdgeForce security gateways. Those appliances also contain firewall and virtual private network (VPN) software and are aimed at medium-sized and large enterprises.

The EdgeForce is capable of 75Mbps (bits per second) of throughput on the firewall. The SG300 is capable of 200Mbps of firewall throughput. The EdgeForce Professional model also comes equipped with a hard drive that can be used for virus scanning and quarantine as well as storing "forensic" information, claimed ServGate director of marketing Scott Lukes.

The McAfee antivirus engine, which is licensed to ServGate under an original equipment manufacturer agreement, makes it possible for the ServGate appliances to scan both incoming and outgoing SMTP (Simple Mail Transport Protocol), POP3, and FTP (File Transfer Protocol) traffic for viruses.

The ServGate device repairs infected files before passing them on. Incoming files that cannot be repaired can be stored in quarantine or deleted.

New and updated virus signatures are downloaded directly from McAfee at intervals that can be configured on each device by the network administrator. An e-mail alert system can notify system administrators in the event of an attack.

Lukes saw the ServGate model as a "three-tiered" approach to virus prevention, with full virus scanning at the network edge complementing additional scanning done on network servers and on the desktop.

Lukes denied ServGate had sacrificed performance by adding antivirus to the existing firewall and VPN functions of the ServGate hardware, insisting that with normal use, the added antivirus scanning would not degrade performance on the appliances. Lukes did indicate, however, that lags in performance might occur given the right combination of factors such as a large number of VPN users and abnormally heavy traffic, coupled with the virus scanning.

What's less clear from ServGate's announcement is the fate of Network Associates' McAfee e500 and e250 appliances. Those devices, like the ServGate models, sit at the Internet gateway and scan SMTP, FTP, POP3 and HTTP (Hypertext Transfer Protocol) for viruses and malicious code.

A Network Associates spokeswoman confirmed that the company was leasing its McAfee antivirus engine to ServGate under an OEM agreement and said future plans for the McAfee appliances would be unaffected by the ServGate deal.

IDC security analyst Charles Kolodgy doesn't see any contradiction in McAfee licensing its engine to ServGate.

"Appliances are a great avenue to get software out to clients," Kolodgy said. " In some cases, having multiple suppliers isn't a bad thing. McAfee just wants to make sure their antivirus engine is used. Now, with appliance vendors adding more functionality to boxes to reach customer needs, McAfee gets another avenue to sell its product."

Symantec offers antivirus scanning in its Gateway Security line of products, and Nokia and Trend Micro announced last week an agreement to deliver e-mail scanning with their SC6600 gateway device.

Read more on Antivirus, firewall and IDS products