Re: Scanning Virus in ZIP [message #120437 is a reply to message #120427]
Wed, 01 April 2015 23:04
MarkK
Messages: 342 Registered: April 2007
Between Sophos AV and ClamAV both running on our connect server, it is more of an exception that a malware zip file comes through. Getting the spam filter working well will also help, since that is the channel that a majority of those come in through.
(Yes, AV and spam are separate things, but catching and stopping bad emails in any form helps.)

Re: Scanning Virus in ZIP [message #120540 is a reply to message #120439]
Wed, 08 April 2015 18:01
88fingerslukee
Messages: 92 Registered: November 2007
Sophos is garbage. It is constantly allowing .zip files through that my Avast! desktop scanner is picking up.
Kerio needs to provide instructions on how to set up an alternative virus scanner or change to a company that provides better response to threats. I will be cancelling the Sophos portion of my software license the next time I renew.
I'm not happy.

Re: Scanning Virus in ZIP [message #120544]
Wed, 08 April 2015 18:50
graeme
Messages: 38 Registered: October 2013
No simple layer of defence is a good idea - esp. antivirus.
You can test samples on 50+ engines and only one will get it.
We use an EU firm to do our firm layer and even that misses some.
Use a gateway or SaaS product.

Re: Scanning Virus in ZIP [message #120545 is a reply to message #120540]
Wed, 08 April 2015 18:56
MarkK
Messages: 342 Registered: April 2007
Actually Sophos is one of the better malware detection companies. But there have been a lot of new malware variations coming out lately, and it takes time for the anti-malware companies to develop the detection for them. You can test this by submitting the malware attachments to virustotal.com to see if the 50+ various vendors will detect it. We have had some attachments lately that only 1 vendor was detecting.
So it may not be Kerio's fault, and it does take some time for any vendor to develop detection for new malware.
Avast used to have a Kerio specific edition. I see it listed for other countries, but I don't see a specific one for Kerio on the US web site, though there is an email server edition. Contact Avast and see if they still have a Kerio capable version. You can buy that and have Kerio use it in addition to Sophos, or instead of Sophos.

Re: Scanning Virus in ZIP [message #120966 is a reply to message #120439]
Mon, 27 April 2015 20:47
Andrey.T
Messages: 6 Registered: April 2015
Pavel Dobry (Kerio) wrote on Thu, 02 April 2015 03:35
2. This option will come with upcoming Kerio Connect 8.5.
I tested it
test.js>test.zip = virus is not delivered
test.js>test.cab>test.zip = virus delivered and running! only the second mouse click...
Maybe discard zip archive containing filter rule file extensions?

Re: Scanning Virus in ZIP [message #120979 is a reply to message #120966]
Tue, 28 April 2015 09:29
Kedar
Messages: 356 Registered: April 2005
The forbidden extensions are defined directly in mailserver.cfg (there is no GUI in WebAdmin). If you need, stop Kerio Connect and add .cab to the list in mailserver.cfg.
(We know the GUI or some checkbox for each rule is better, but there is no time to implement a GUI in WebAdmin for 8.5.0, incl. translations, doc, testing... We think the solution used is better than nothing.)

Re: Scanning Virus in ZIP [message #120984 is a reply to message #120983]
Tue, 28 April 2015 12:19
Kedar
Messages: 356 Registered: April 2005
In 8.5.0 there is only a basic solution as an addition to the built-in antivirus. We want to deliver a helpful feature for the majority of users as soon as possible.
GUI, support for masks, nested archives etc. are not supported yet.

Re: Scanning Virus in ZIP [message #120985 is a reply to message #120983]
Tue, 28 April 2015 12:35
Pavel Dobry (Kerio)
Messages: 2057 Registered: October 2003 Location: Czech Republic
I think you expect some functionality that is not intended with this feature. The virus should not be delivered as it is supposed to be caught by antivirus.
This feature is about blocking attachments and the most common types of malware, which are distributed as a .zip file so it opens automatically on many clients. It does what it says - blocking executable files with certain file extensions in a .zip file. It is not supposed to block a file embedded in ZIP in ZIP in RAR in 7Z in tar.gz and such ridiculous recursive chains.
Knowledge Base: http://manuals.gfi.com/en/kerio/home/Content/Home.htm.
[Updated on: Tue, 28 April 2015 12:36]
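
Added example, not code from this thread or from Kerio Connect: a gateway-side ZIP check that handles the test.js>test.cab>test.zip case above by failing closed on nested containers it cannot open, and recursing into nested ZIPs within a depth budget. The extension sets, limits and function names are assumptions chosen for illustration, not Kerio's configuration.

```python
import io
import zipfile

# Assumed policy values for illustration; not Kerio Connect's list or config keys.
FORBIDDEN = {".js", ".exe", ".scr", ".vbs", ".bat", ".com"}
OPAQUE_CONTAINERS = {".cab", ".rar", ".7z", ".gz", ".tar"}  # not opened by this code
MAX_DEPTH = 3                       # nested zip levels inspected before rejecting
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # cap on declared size of a nested zip

def ext(name):
    """Lower-cased final extension of an archive member name ('' if none)."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""

def inspect_zip(data, depth=1, path="attachment.zip"):
    """Return (member_path, reason) findings, outermost name first; [] means deliver."""
    if depth > MAX_DEPTH:
        return [(path, "nesting too deep")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "unreadable archive")]
    findings = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        member = f"{path}/{info.filename}"
        e = ext(info.filename)
        if e in FORBIDDEN:
            findings.append((member, "forbidden extension"))
        elif e in OPAQUE_CONTAINERS:
            # Fail closed: the contents cannot be checked, so block the container.
            findings.append((member, "uninspectable nested container"))
        elif e == ".zip":
            if info.file_size > MAX_MEMBER_BYTES or info.flag_bits & 0x1:
                findings.append((member, "nested zip too large or encrypted"))
            else:
                findings.extend(inspect_zip(zf.read(info), depth + 1, member))
    return findings

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Extension matching only looks at member names, so it complements the antivirus scan rather than replacing it.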