Re: Scanning Virus in ZIP [message #121254 is a reply to message #120985] Wed, 13 May 2015 18:01
Machete
Messages: 187
Registered: February 2012
Location: United States
Pavel Dobry (Kerio) wrote on Tue, 28 April 2015 06:35
I think you expect some functionality that is not intended with this feature. A virus should not be delivered, as it is supposed to be caught by the antivirus.
This feature is about blocking attachments and the most common types of malware, which is distributed as a .zip file so it opens automatically on many clients. It does what it says - blocking executable files with a certain file extension in a .zip file. It is not supposed to block a file embedded in ZIP in ZIP in RAR in 7Z in tar.gz and such ridiculous recursive chains.


Thanks Pavel - If I understand your post and the previous post by Radek -

Quote:
The forbidden extensions are defined directly in mailserver.cfg (there is no GUI in WebAdmin). If you need, stop Kerio Connect and add .cab to the list in mailserver.cfg


In v8.5 I'll need to add (if it doesn't already exist) .exe to a list in the mailserver.cfg file correct? And this will block .exe files contained within a .ZIP file attachment.
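
The check Pavel describes in the quote above (forbidden extensions matched against the names inside a .zip, one level deep, no recursion into nested archives), as an added example that is not part of the thread and is not Kerio's code or configuration. The extension lists and the names `FORBIDDEN`, `ARCHIVES`, `effective_ext`, `check_zip` and `build_zip` are assumptions made for illustration.

```python
import io
import zipfile

# Assumed lists for illustration only; Kerio keeps its own list in mailserver.cfg.
FORBIDDEN = {".exe", ".scr", ".com", ".bat", ".js", ".cab"}
ARCHIVES = {".zip", ".rar", ".7z", ".gz", ".tar"}

def effective_ext(name):
    """Last extension of a member name, normalised the way Windows would see it."""
    # Drop the directory part, trailing dots/spaces and case differences.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""

def check_zip(data):
    """Return (blocked, nested): forbidden members, and archives left unopened."""
    blocked, nested = [], []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = effective_ext(info.filename)
                if ext in FORBIDDEN:
                    blocked.append(info.filename)
                elif ext in ARCHIVES:
                    nested.append(info.filename)  # one level only, not recursed
    except zipfile.BadZipFile:
        # Design choice of this example: fail closed on a malformed archive.
        blocked.append("<unreadable archive>")
    return blocked, nested

def build_zip(members):
    """Build a constructed sample ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    inner = build_zip({"payload.exe": b"MZ"})  # constructed sample data
    sample = build_zip({"Invoice.PDF.EXE": b"MZ",
                        "docs/readme.txt": b"hello",
                        "more.zip": inner})
    print(check_zip(sample))
```

The `nested` list makes the limit of a one-level check visible: `payload.exe` inside `more.zip` is never examined, which is the case the antivirus scan or a policy on nested archives has to cover.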
Re: Scanning Virus in ZIP [message #121388 is a reply to message #120540] Wed, 20 May 2015 01:03
Maerad
Messages: 275
Registered: August 2013
88fingerslukee wrote on Wed, 08 April 2015 18:01
Sophos is garbage. It is constantly allowing .zip files through that my Avast! desktop scanner is picking up.

Kerio needs to provide instructions on how to set up an alternative virus scanner or change to a company that provides better response to threats. I will be cancelling the Sophos portion of my software license the next time I renew.

I'm not happy.


ANY mail scanner attached to a mail server has that problem. Your local system is running a quite extreme heuristic setting, while the server systems only have a low setting or only a signature check.

Also, we had hardly any virus mail that came through - it was filtered by Sophos or as spam before. With Live Protection it was even less that actually made it to our systems.

But in the past few weeks we had several viruses that made it to our users ... and when I uploaded those to virustotal.com and 2-3 other multiple virus checking sites, not ONE scanner found them. Even our local Avira AntiVir with a bit higher heuristic couldn't find them.

I think the new option is awesome and should get rid of 95% of all viruses coming through. I never saw a virus with multiple archives like .zip, .cab etc. - and the best defence against those is to tell the users and / or disable extraction of them from the programs. Use 7z for .7z and .zip and .rar, no .cab etc. - the user will cry for help because he can't open it.

Also turn on the fucking file extensions.

The problem with viruses after THAT many detections and safeties sits in front of the PC and needs to be schooled. And it's really not that hard to school them to detect bad and good files...
Re: Scanning Virus in ZIP [message #121704 is a reply to message #120439] Mon, 01 June 2015 16:33
CoreDump
Messages: 1
Registered: June 2015
Pavel Dobry (Kerio) wrote on Wed, 01 April 2015 16:35
Machete wrote on Wed, 01 April 2015 17:25
Just to confirm from the first reply of this post -

- Connect does scan inside .zip attachments for Virus? I just had a user open an .exe that was inside a zip file and I'm now evaluating where the holes are in my protection - in addition to her desktop AV not being up to date somehow...

- Does Connect scan inside .zip attachments for blocked file types? I have ZIPs allowed - but block .exe's


1. Yes it does scan inside .zip attachments. With Kerio Connect 8.4.2 there is also an online Sophos Live Protection scan for malware attachments.

2. This option will come with upcoming Kerio Connect 8.5.


How do I set up option two (scan within zip files for banned extensions)? There's mention of manual edit of mailserver.cfg, but how/what do I enter? Thanks.
