From eScan Wiki
||· eScan · MailScan · Technologies||· Technical Info · Security Awareness · User Guides|
|MicroWorld Winsock Layer (MWL) Technology||
Anti-Virus software often come with sophisticated mechanisms for detecting and cleaning malware. In most cases, Anti-Virus software detects the presence of a malware only after the computer on which it installed is infected. MWL is a revolutionary technology from MicroWorld that is poised to change the way Anti-Virus software handle security threats. Unlike other Anti-Virus software that are currently available, it detects malware at the Winsock layer itself and prevents them from affect the applications residing at the Application Layer.
How MWL Works?
eScan primarily uses MWL to scan the incoming and outgoing network traffic. MWL is placed above the Winsock layer of the operating system. (See Figure 1. MWL Filters) All data passing through the Winsock layer has to pass through MWL. Thus, MWL acts as a transparent gatekeeper and monitors data packets for malicious content. It assembles the data packets coming from different TCP/IP ports into files based on their type into e mails, e mail attachments, or Web traffic, such as FTP traffic or ICQ traffic. It then passes the files through numerous filters, such as virus filters, content filters, and attachment filters. These filters check and issue dynamic notifications based on the validity of the content within each file.
Without MicroWorld WinSock Layer (MWL)
All incoming and outgoing mails, pass through the WinSock Layer at the server level and the client level.
With MicroWorld WinSock Layer (MWL)
MWL sits on WinSock. All content passing through WinSock has to mandatorily pass through MWL, where it is checked for any security violating data. If such data occurs, it is removed and the clean data is passed on to the application.
Benefits of MWL
The following are some of the benefits of the MWL technology.
In this chapter, you learnt about MWL and it role in the working of eScan.