GFI DownloadSecurity is an ISAPI extension for ISA Server that provides additional control over file downloads via HTTP or FTP. While a primary use of the module would be for additional protection (via virus scanning or file-type quarantines) the vendor notes that the product could additionally be used as a traffic monitoring tool, via its ability to quarantine files for administrator examination by file extension or file type.

After installation, users will see a download progress dialog box after they initiate a download. Once the download is complete, the module scans the file for viruses or threats, and then compares its type and extension to the administrator defined ruleset. If the file is clean and does not trigger a rule, it is forwarded directly to the user. Other files are placed into quarantine for administrator approval; once (and if) approved (administrators can choose between a Windows client, a Web-based client, and an E-mail-based client to perform the approval tasks), such files are then forwarded on to the user as an E-mail attachment or a link, while users receive only a notice if the file was rejected.

GFI DownloadSecurity for ISA Server includes two different anti-virus engines, both of which are updated automatically: Norman Virus Control, and BitDefender. In addition, the user has the option of installing the Kaspersky or McAfee virus engines as either additional or replacement virus engines for the default offerings (contact the vendor for pricing on optional virus engines).

In addition to anti-virus capabilities, GFI DownloadSecurity can automatically quarantine files based on their file extension or file type on a user or group basis. Other features include a Trojan & Executable Scanner that detects malicious executables by examining their potential actions (based on disassembling their code) and comparing those actions to a database of known malicious actions; the ability to block "hidden" downloads, HTTP downloads initiated directly by software applications; and the ability to block Java applets and ActiveX control downloads for all but specifically trusted sites.

The latest enhancement to the GFI DownloadSecurity offering is spyware protection--currently provided only in products that include the Kaspersky virus engine (see above). The Kaspersky anti-virus engine checks downloads for known spyware through spyware signatures, as well as several types of adware programs. Additionally, the Kaspersky database detects key generators and credit card number generators, software cracks, Internet utilities (such as scanners), and others.

GFI DownloadSecurity for ISA Server is priced from $315 (25 users) to $3,750 (unlimited users) per server and is available now. Visit the GFI Software Web site for further information.