GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » GFI User Forums » Kerio Connect » Scanning Virus in ZIP (Scanning Virus in ZIP)
Re: Scanning Virus in ZIP [message #121254 is a reply to message #120985] Wed, 13 May 2015 18:01 Go to previous messageGo to next message
Messages: 187
Registered: February 2012
Location: United States
Pavel Dobry (Kerio) wrote on Tue, 28 April 2015 06:35
I think you expect some functionality that is not intended with this feature. Virus should not be delivered as it is supposed to be caught by antivirus.
This feature about blocking attachments and most common types of malware, which is distributed as a .zip file so it opens automatically on many clients. It does what it says - blocking executable files with certain file extension in .zip file. It is not supposed to block file embedded in ZIP in ZIP in RAR in 7Z in tar.gz and such ridiculous recursive chains.

Thanks Pavel - If I understand your post and the previous post by Radek -

The forbidden extensions are defined directly in mailserver.cfg (there is no GUI in WebAdmin). If you need, stop Kerio Connect and add .cab to the list in mailserver.cfg

In v8.5 I'll need to add (if it doesn't already exist) .exe to a list in the mailserver.cfg file correct? And this will block .exe files contained within a .ZIP file attachment.
Re: Scanning Virus in ZIP [message #121388 is a reply to message #120540] Wed, 20 May 2015 01:03 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
88fingerslukee wrote on Wed, 08 April 2015 18:01
Sophos is garbage. It is constantly allowing .zip files through that my Avast! desktop scanner is picking up.

Kerio needs to provide instructions on how to setup an alternative, virus-scanner or change to a company that provides better response to threats. I will be cancelling the Sophos portion of my software license the next time I renew.

I'm not happy.

That Problem has ANY Mailscanner attached to a MailServer. Your local system has a running, quite extreme heuristic setting, while the serversystems only have a low setting or only a signature check.

Also, we had hardly any virusmail that came tru - was filtered with sophos or as spam before. With live protection it was even less that actually made it to our systems.

But in the past few weeks we had several viruses that made it to our users ... and when I uploaded those to and 2-3 other multiple virus checking sites not ONE scanner found it. Even our local anvira antivir with a bit higher heuristic couldn't find them.

I think the new option is awesome and should get rid of 95% of all viruses coming truh. I never saw a virus with multiple archives like .zip, .cab etc. - and the best defence against those is to tell the users and / or disable extract of them from the programs. use 7z for .7z and .zip and .rar, no .cab etc. - user will cry for help because he cant open it.

Also turn on the fucking file extentions.

The problem with viruses after THAT many detections and saftys sits in front of the pc and needs to be schooled. And it's really not that hard to school them to detect bad and good files...
Re: Scanning Virus in ZIP [message #121704 is a reply to message #120439] Mon, 01 June 2015 16:33 Go to previous message
Messages: 1
Registered: June 2015
Pavel Dobry (Kerio) wrote on Wed, 01 April 2015 16:35
Machete wrote on Wed, 01 April 2015 17:25
Just to confirm from the first reply of this post -

- Connect does scan inside .zip attachments for Virus? I just had a user open an .exe that inside a zip file and I'm now evaluating where the holes are in my protection - in addition to her desktop AV not being up to date somehow...

- Does Connect scan inside .zip attachments for blocked file types? I have ZIPs allowed - but block .exe's

1. Yes it does scan inside .zip attachments. With Kerio Connect 8.4.2 there is also an online Sophos Live Protection scan for malware attachments.

2. This option will come with upcoming Kerio Connect 8.5.

How do I set up option two (scan within zip files for banned extensions)? There's mention of manual edit of mailserver.cfg, but how/what do I enter? Thanks.

Previous Topic: User Rights by using "Another Mailbox"
Next Topic: Webmail server not responding after upgrade to 8.4.0
Goto Forum:

Current Time: Thu Sep 28 00:40:05 CEST 2023

Total time taken to generate the page: 0.07450 seconds