uOS - Anti-Malware SHA256 Malware Signature Support

Zyxel_Claudia
Zyxel Employee
edited February 3 in Other Topics

Anti-Malware - SHA256 Support

To align with modern security standards, Zyxel Networks has added SHA256 hash support for malware signatures in version 1.37. SHA256 is now the primary hash function used by most security vendors, replacing the older MD5 standard.

Processing Efficiency

The firewall's behavior changes depending on the configuration of the MD5 list:

  • Optimized Performance: If the MD5 allow or block list is left blank, the firewall skips MD5 calculations entirely and proceeds directly to the SHA256 local cache. This results in faster processing and reduced CPU overhead.
  • Dual Processing: If MD5 entries are present, the firewall is forced to calculate both MD5 and SHA256 hashes for incoming files, which adds processing latency.

Implementation Details

SHA256 signatures can be imported into both allow and block lists. For incoming traffic, the sequence typically involves checking the allow or block list first, followed by anti-malware signatures, local cache, sandbox, and eventually cloud-based queries. By default, SHA256 is calculated for selected file types when anti-malware is enabled.
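The following Python sketch models the list-check stage described above. It is an added illustration, not Zyxel firmware code. It assumes list entries are bare hex digests (64 characters for SHA256, 32 for MD5) and that the allow list is consulted before the block list; the names `split_list`, `digests` and `check` are hypothetical.

```python
import hashlib
import re

HEX = re.compile(r"[0-9a-f]+")
SAMPLE = b"constructed sample file body"  # constructed input, not real malware

def split_list(entries):
    """Sort raw entries into SHA256 (64 hex), MD5 (32 hex) and rejects."""
    sha256, md5, rejected = set(), set(), []
    for raw in entries:
        entry = raw.strip().lower()
        if not entry:
            continue
        if HEX.fullmatch(entry) and len(entry) == 64:
            sha256.add(entry)
        elif HEX.fullmatch(entry) and len(entry) == 32:
            md5.add(entry)
        else:
            rejected.append(raw)
    return sha256, md5, rejected

def digests(stream, need_md5, chunk=65536):
    """Hash the file in one pass; MD5 is computed only when requested."""
    hashers = {"sha256": hashlib.sha256()}
    if need_md5:
        hashers["md5"] = hashlib.md5()
    for block in iter(lambda: stream.read(chunk), b""):
        for hasher in hashers.values():
            hasher.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def check(stream, allow, block):
    """allow and block are (sha256_set, md5_set) pairs.

    Returns (verdict, names_of_hashes_computed). A blank MD5 list on both
    sides means MD5 is never calculated, matching the optimized path.
    """
    need_md5 = bool(allow[1] or block[1])
    d = digests(stream, need_md5)
    # Assumption: allow list wins over block list when both match.
    for verdict, (sha_set, md5_set) in (("allow", allow), ("block", block)):
        if d["sha256"] in sha_set or d.get("md5") in md5_set:
            return verdict, sorted(d)
    # No list hit: signatures, local cache, sandbox and cloud query follow.
    return "continue", sorted(d)
```

Running `split_list` over an existing list before import shows which entries are still MD5; while any remain, every inspected file takes the dual-hash path.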

Verification Log