This topic explains the following antivirus technologies used in Trend Micro NAS Security.
Pattern matching: Trend Micro NAS Security™ draws upon an extensive database of virus patterns to identify viruses and other malware through a process called "pattern matching." Trend Micro NAS Security™ examines key areas of suspect files for telltale strings of malware code and then compares them with thousands of virus signatures that Trend Micro has on record.
For polymorphic or mutating viruses, the Trend Micro NAS Security™ scan engine permits suspicious files to execute in a protected area for decryption. Trend Micro NAS Security™ then scans the entire file, and looks for strings of mutation-virus code.
Due to the large number of new viruses, the virus pattern file should remain up-to-date.
MacroTrap: Macro viruses are application specific, which means they can attack multiple operating systems. Given this cross-platform compatibility, combined with the growing popularity of the Internet and increasing power of macro languages, the magnitude of the threat posed by these viruses is obvious. Trend Micro's MacroTrap technology provides you with a means of protecting your network from this malware-type.
MacroTrap performs a rule-based examination of all macro code saved in association with a document. Macro virus code is typically contained as part of an invisible template (for example, *.dot in Microsoft Word) that travels with the document. MacroTrap checks the template for signs of a macro virus by seeking out instructions that perform virus-like activity. Examples of this behavior are copying parts of the template to other templates (replication), and execution of harmful commands (destruction).
Compressed files and archives (a single file
composed of many, often compressed, files) are the preferred file format
for file distribution via email or the Internet. Unless your antivirus
application is specially equipped to handle these files, viruses and other
malware may be "smuggled" into your network inside these files.
The scan engine in Trend Micro NAS Security™ can scan inside archives
and compressed files. It can even detect viruses in compressed files and
archives composed of other compressed files, up to twenty compression
layers.
To help conserve system resources, you can configure Trend Micro NAS Security™ to scan files within compressed archives that do not exceed a specific size. Skipped compressed files will appear in the system logs. It is important to note that the smaller the size specified above, the higher the risk of infection. Real-time Scan will still detect viruses included in skipped files during a decompression attempt.
Most antivirus solutions today offer you two options in
determining which files to scan for potential threats. Either all files
are scanned (the safest approach), or only those files with certain file
name extensions (considered the most vulnerable to infection) are scanned.
But recent developments involving files being
IntelliScan is a Trend Micro technology that identifies a file’s
IntelliScan examines the header of every file, but based on certain indicators,
selects only files that it determines are susceptible to viruses. Because
IntelliScan scans only files that are particularly vulnerable to infection,
using IntelliScan brings you the following benefits:
Performance optimization: IntelliScan uses fewer system resources than the Scan All option.
Shorter scanning period: The scan time is shorter than when you use Scan All for all files.