Kaspersky NGFW can use Object Anti-Virus to scan the contents of archives detected in traffic for malware. Kaspersky NGFW scans archives in TCP traffic transmitted over all supported protocols, including their encrypted versions: HTTP, SMTP, POP3, IMAP. The list of supported archive formats is determined by the local Anti-Virus databases and can change over time.
You can enable scanning of files contained in archives transmitted in traffic using the scan-archives command from the security antivirus family of commands. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.
By default, the scanning of archive contents is disabled. If you enable the scanning of archive contents, it applies to all traffic that is scanned by Anti-Virus security profiles with Object Anti-Virus enabled.
The scanning the archive contents using Object Anti-Virus has the following limitations: