Antivirus Scanning of Gateway Files
Files going through gateways are checked with several antivirus programs for safety.
Plain language
When files enter or leave your network through gateways, they are scanned using multiple antivirus programs to catch harmful software. This matters because without these scans, your organisation could unknowingly spread viruses or malware, leading to data breaches and financial losses.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Files imported or exported via gateways or CDSs undergo antivirus scanning using multiple different scanning engines.
Why it matters
Without antivirus scanning of files crossing gateways/CDSs, malware can enter or leave the network, causing breaches and data loss.
Operational notes
Keep multiple AV engines current and enabled on all gateway/CDS transfer paths; monitor scan failures and quarantine or block unscannable files.
Implementation tips
- IT team should ensure that antivirus software is installed on all gateways: Verify that every gateway device, through which files pass, has robust antivirus programs installed. Choose software that’s known for its reliability and ability to work with other security tools.
- IT manager should configure multiple antivirus engines: Set up the gateway to use several different antivirus tools, as each might catch different threats. Refer to guidelines from the Australian Cyber Security Centre (ACSC) or products recommended by the Australian Signals Directorate (ASD) to ensure effectiveness.
- System administrators should regularly update antivirus signatures: Keep the antivirus software's threat databases current to detect the latest threats. Schedule automatic updates or a daily manual check to ensure the antivirus tools are updated promptly.
- Office manager should coordinate regular training sessions: Organise training for staff to understand the importance of secure file handling and recognise suspicious file attachments. Run these sessions quarterly to keep awareness high.
- Business owner should review antivirus gateway logs quarterly: Go over the logs with your IT team to understand the kinds of threats being intercepted. Use this information to inform future security measures and training needs.
Audit / evidence tips
-
Askthe antivirus gateway configuration reports: Request documentation that outlines which antivirus solutions are deployed at the gateways
Goodshows multiple approved, up-to-date antivirus engines listed and configured
-
Aska log of recent file transfers through the gateways: Review the logs to see if files are consistently scanned
Goodshows logs with regular, automatic scanning by multiple antivirus engines
-
Askthe antivirus update schedule and logs: Request the schedule for virus signature updates and any logs showing past updates. Check that updates are scheduled frequently and have been completed as planned
Goodensures no missed updates and seamless protection
-
Askantivirus testing results: Request any testing reports or cases that simulate virus detections to check system response
Gooddemonstrates the system’s reliability to detect and handle real threats
-
Askemployee training attendance records: Request records from the latest cybersecurity training sessions focusing on file security
Goodshows regular training sessions that most staff have attended
Cross-framework mappings
How ISM-1288 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.7 | ISM-1288 requires that files imported or exported via gateways or CDSs undergo antivirus scanning using multiple different scanning engines | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.