XML security vendor Forum Systems next week is scheduled to release anti-virus capabilities for its XML firewall that will let users block viruses that could be embedded within XML messages.

Version 5.0 of XWall, the company's Web services firewall, will open XML messages and documents and run an anti-virus scanning engine against the contents. The company has licensed the eTrust anti-virus engine from Computer Associates.

The focus is to prevent common viruses from infecting machine-to-machine communications that users rely on as part of Web services deployments or service-oriented architectures. Forum's XWall already protects against XML-based viruses and attacks.

Traditional firewalls can't protect against viruses embedded in messages because they filter packets and are not designed to open and inspect XML messages.

While Forum says the problem of typical IP-based viruses being injected into XML messages is uncommon today, experts say that XML firewalls might become the top-level perimeter network defense.

"Right now this is new and interesting, but at some point these [XML] systems turn into the foundation for your perimeter defense," says Pete Lindstrom, an analyst with Spire Research. "Four or five years from now, the roles are reversed and the XML firewall becomes the foundation that everything else plugs into."

As more applications start using XML, the issues surrounding viruses will rise. Common applications such as Microsoft Word and Excel let users save files in an XML format. "If we are sharing files in some way, viruses will be attached," Lindstrom says.

If they are attached to Simple Object Access Protocol (SOAP) messages, Forum says it will catch them. The Forum XML Antivirus module for XWall 5.0 is designed to find all attachments to SOAP messages and unlock binary data encoded with Multipurpose Internet Message Encapsulation or Direct Internet Message Encapsulation. The module also supports SSL and XML encryption so it can decrypt messages before passing them to the anti-virus engine.

The anti-virus engine can receive virus signature updates from CA's eTrust Security Advisor. Forum also offers a service called Vulnerability Containment, an online service to automatically configure XML intrusion-prevention policies, and deliver vulnerability alerts and software upgrades.