Is it possible to pass a virus over VPN?

Yes, it is.
1. Let's see. A virus is malware that resides on files that are seemingly innocuous, but when executed will install itself into the victim computer.

2. When you setup a VPN, what you are doing is connecting through internet to a firewall or other artifact as any other computer. There is a service there that will ask for credentials. When you connect your home machine, it will send all the information encrypted. It will also setup your home machine to direct all traffic through your VPN in case the addresses are in from company.

3. If your company does not have an antivirus product in place, you can viruses in your company machines. If you connect from your home, and transfer one of the infected file to your computer, and then execute from your computer, then you will get infected (that is, if you don't have a antivirus in your home machine).
If you connect using remote desktop, for instance, and execute an infected file, your remote machine willl get infected. It is unlikely your home machine will suffer in this case.

4. If your home machine does not have an antivirus, but your company does, then you may try to transfer the infected file from your machine to the company, and most likely the antivirus will catch that file.

5. Lastly, other malware like worms, may be able to detect your machine from the company, and try an attack, but the firewall may catch that any way.

So, in summary, yes it is possible but a little more difficult if you have the protection in place.

Cheers.

VPN is best thought of as a protocol for transmitting/receiving data in encrypted form across a network. Once it gets to the end of the VPN tunnel, it is no longer encrypted.

...................____________________VPN____________________...................
DATA DATA ||=== VGSD === VGSD === VGSD === VGSD ===|| DATA DATA

All great answers. In addition a VPN connection can be an avenue of attack! Modern banking Trojans are specifically written to work even when you use strong authentication and SSL to connect to a bank. The same methods could be used to hijack a VPN session back to your corporate network. Beware!

Jason, your VPN is a 'Virtual Private Network', and and in basic setup mode logically is just as vulnerable as two home computers ( or work computers ) plugged into the same switch.

Ideally your VPN is not wide open to all ports and protocols, but only those required for work. Unfortunately, many VPNs that are limited to work requirements still allow many of the basic ports ( SMB, RPC, etc ) required for Microsoft networking, and that's where many malware variants try to attack as that's where many of the vulnerabilities exist.

Please always consider layered security for protecting your systems. Use a good antivirus program, antispyware, antispam, firewall, and please please install patches and hotfixes for your operating system AND applications ( non-Microsoft too ! )

The VPN will/should only protect your system from the systems *outside* the VPN tunnel endpoints, which hopefully you have other protection from anyway ( either software or hardware firewalls, Intrusion Prevention Systems (IPS), etc )

Basically the answer is yes, a VPN allows you to create a Virtual Private Network's linking two or more networks together across and within other networks that may or may not be secure, in most cases this renders the VPN network secure from the networks its traveling through but does not offer any protection from the networks that are been joined in this manor, so Garbage in Garbage out.

You can do a lot to harden them up, restrict ports virus scanning ether end of the VPN, use end point security we use a ZyWALL USG (Unified Service Gateway) Device for that, there are other similar devices that also can be used.

Most financial and bank transactions use HTTPS rather than VPN. HTTPS uses SSL or TLS to encrypt the browser data. This is very different, however, from VPN, which establishes an encrypted tunnel, through which, all communications are encrypted. When you access your bank over the internet, you don't normally use VPN.

The VPN attacks, of which I am aware, involve specific clientless VPN products that bypass traditional domain-based browser security to allow cross-site scripting attacks. There were also some specific man-in-the-middle attacks where the users name and password are intercepted prior to establishing the VPN connection, but that relied on the use of group passwords rather than PKI.