As an important part of a unified threat management (Unified Threat Management, UTM for short) function, an anti-virus (Anti-Virus, AV for short) technology attracts more and more attention. Its merits are to block malicious software on a gateway side, intercept a threat practically before an attack occurs, and protect user security to a greater extent.
Currently, a gateway that has an anti-virus function is implemented in two manners, that is, a proxy-based anti-virus gateway (which may be referred to as a proxy-type anti-virus gateway, and may also be referred to as a proxy gateway) and a stream scanning-based anti-virus gateway. The proxy anti-virus gateway starts proxy during three-way handshaking. The proxy gateway includes a proxy server and a proxy client, respectively interacting with a client (hereinafter referred to as a physical client to avoid confusion with the proxy client in the proxy gateway), and interacting with a server (hereinafter referred to as a physical server to avoid confusion with the proxy server in the proxy gateway). In an interactive communication process, a virus-scanning and caching module (Cache & Scanner) is responsible for receiving and caching a file. After the file is received, the file is sent to a scanning engine for virus scanning and identifying. If the file has no virus threat, the file is sent to the physical client or the physical server. The physical client and the physical server are generally unaware of a true identity of a peer end that performs data interaction with them.
During research on the present invention, the inventor finds that the prior art has the following defects: The proxy gateway needs to send each of received data packets to a proxy layer, and the virus-scanning and caching module caches the data packet first; for a data packet that needs scanning, the virus-scanning and caching module sends the data packet to the scanning engine for anti-virus scanning; if it is found that the data packet is not a file that is set by a user for scanning or is an unscannable file, the data packet also needs to be transparently transmitted through the proxy layer. In the foregoing implementation manner, excessive proxy layer resources are occupied, in which makes transmission efficiency extremely low, thereby greatly reducing gateway performance, and degrading user experience.