A new gateway appliance from ServGate Technologies Inc. uses Network Associates Inc.'s (NAI) McAfee antivirus scanning engine to perform edge-based virus scanning, according to a statement released by ServGate.
The new virus scanning feature is being offered on ServGate's SG300 and EdgeForce security gateways. Those appliances also contain firewall and virtual private network (VPN) software and are targeted at medium-sized and large enterprises.
The EdgeForce is capable of 75M bps (bits per second) of throughput on the firewall. The SG300 is capable of 200M bps of firewall throughput. The EdgeForce Professional model also comes equipped with a hard drive that can be used for virus scanning and quarantine as well as storing "forensic" information, according to Scott Lukes, ServGate's director of marketing.
The McAfee antivirus engine, which is being licensed to ServGate under an OEM (original equipment manufacturer) agreement, makes it possible for the ServGate appliances to scan both incoming and outgoing SMTP (Simple Mail Transport Protocol), POP3, and FTP (File Transfer Protocol) traffic for viruses, according to ServGate, based in Milpitas, California.
Files that are found to be infected will be repaired by the ServGate device before being passed on. Incoming files that cannot be repaired can be stored in quarantine or deleted, according to ServGate.
New and updated virus signatures are downloaded directly from McAfee at intervals that can be configured on each device by the network administrator. An e-mail alert system can notify system administrators in the event of an attack, according to Lukes.
Lukes sees the new ServGate model as a complement to client-and server-based antivirus and the beginning of what he referred to as a "three-tiered" approach to virus prevention, with full virus scanning at the network edge complementing additional scanning done on network servers and on the desktop.
Lukes denied that ServGate was sacrificing performance by adding antivirus to the existing firewall and VPN functions of the ServGate hardware. Under "normal use scenario," the added antivirus scanning won't degrade performance on the appliances, he said. Lukes did indicate, however, that lags in performance might occur given the right combination of factors such as a large number of VPN users and abnormally heavy traffic, coupled with the virus scanning.
"If everything gets turned on and gets used, its going to get bogged a bit," Lukes said.
What's less clear from ServGate's announcement is the fate of NAI's own McAfee e500 and e250 appliances. Those devices, like the ServGate models, sit at the Internet gateway and scan SMTP, FTP, POP3 and HTTP (Hypertext Transfer Protocol) for viruses and malicious code.
A spokeswoman for NAI confirmed that the company was leasing its McAfee antivirus engine to ServGate under an OEM agreement and said future plans for the McAfee appliances would not be affected by the ServGate deal.
IDC security analyst Charles Kolodgy doesn't see any contradiction in McAfee licensing its engine to ServGate.
"Appliances are a great avenue to get software out to clients," Kolodgy said. " In some cases, having multiple suppliers isn't a bad thing. McAfee just wants to make sure their antivirus engine is used. Now with appliance vendors adding more functionality to boxes to reach customer needs, McAfee gets another avenue to sell its product."
ServGate is entering an increasingly crowded field of edge-based antivirus appliances. Symantec Corp. already offers antivirus scanning in its Gateway Security line of products, and Nokia Corp. and Trend Micro Inc. announced last week an agreement to deliver e-mail scanning with their SC6600 gateway device.