GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Sophos issues - any other solutions? (Virus scanning in Zips :()
Re: Sophos issues - any other solutions? [message #108775 is a reply to message #108772] Thu, 28 November 2013 17:38 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
Scotty wrote on Thu, 28 November 2013 15:57
Ok cant seem to get Sophos to earn its keep - getting literally hundreds of virused emails through, most are .exe files hidden in zip files so I am back to the conclusion Sophos is not checking inside the zip or this is not switched on for some reason?
I also have .exe files blocked in configuration

Example of trapped emails on local machine - these simply should not be getting past Sophos.
Cant figure a way of keeping the virus intact without endangering my own system, all are trapped using Eset


First of all - what's your level of experience in IT stuff? Did you study it? Nothing personal, it would just make it easier for myself to answer questions/offer ideas Smile

Now ontopic again - would you please describe how your network/system looks? OS/Switch/Router etc.? Makes the error search a bit easier.

Then - what about the kerio debug log for sophos? What does it say? Any errors?

And two ideas:

1. You need the right license for kerio connect, otherwise sophos wont work - do you have it?
2. Do you use any kind of Mailproxy? From where do the mails come? I guess it could be, that your server gets the mails from an internal ip address or from a ip range, that is excluded to scanning. Usually all local ip networks are excluded from anti-spam and some other things. Maybe that's it.

And - if it's ok with you, I would send you my mailaddress with a pm and you redirect some virusmails. Let's see if our kerio can find them.
Oh btw. - it's no problem to disable your local AV. Even if you get the virus, as long as you don't open the zip file and actually execute the .exe nothing can happen to you. Just looking into the mail won't get you infected.
Re: Sophos issues - any other solutions? [message #108778 is a reply to message #108772] Thu, 28 November 2013 18:58 Go to previous messageGo to next message
MarkK is currently offline  MarkK
Messages: 342
Registered: April 2007
We understand that you are having a large number of malware emails making it through, but it would be VERY helpful if you did a couple of the submitted ideas.

First,
I agree with you that if ESet is catching the virus, then Sophos should. But can you submit a copy of one of the attachments to the web site www.virustotal.com for instant scanning and see if Sophos detects anything. I'm guessing that it probably will.

Second,
Have you turned on the Debug logging for AV processing? Since the AV is not working the way that it should, debug logging would help to answer what exactly is happening. That will tell you that the file was processed and nothing found, or that the file was skipped, or that the file was not available for scanning for some reason. In short, it will go a long way to answering what is happening so that you can decide what action to take to fix the issue.

To enable Debug logging, in the Admin panel, go to the logging option, click on Debug log, right click in the logging window, and select Messages, and then select Antivirus Checking. This is going to answer your question very quickly about what is happening with Sophos.
Re: Sophos issues - any other solutions? [message #108802 is a reply to message #108778] Fri, 29 November 2013 21:38 Go to previous messageGo to next message
Scotty is currently offline  Scotty
Messages: 11
Registered: November 2013
Location: Scotland
Ok switched on debug log for Sophos

The following log showed in the ordinary mail log:

29898d6-00002e0a, Service: SMTP, From: <support@nacha.org>, To: <admin@*******.co.uk>, Size: 18114, Sender-Host: 186.80.47.126, Subject: FW : Complaint - 4086346, Msg-Id: <2609049986.1VDZZOAY150137<_at_>avelxifoygft.fdiacuvgbewig.va >
[29/Nov/2013 13:38:33] Sent: Queue-ID: 529898d6-00002e0a, Recipient: <admin@********.co.uk>, Result: delivered, Status: 2.0.0 , Remote-Host: 127.0.0.1, Msg-Id: <2609049986.1VDZZOAY150137<_at_>avelxifoygft.fdiacuvgbewig.va >

There was no corresponding log in the debug log for Sophos

Yet Eset catches the virus
Warning, ESET Smart Security found the following threats in the message:

Case_4086346.zip - Suspicious Object - deleted
Case_4086346.zip > ZIP > Case.exe - Suspicious Object - was a part of the deleted object

Maerad
My knowledge on servers is reasonably good, no so much with Kerio
This is a Kerio connect platform for several clients use and no special restrictions are in place, The server process and holds the email while clients are connecting via Imap or poP

The Debug log shows Sophos working but viruses are sailing through - only 1 for me today but one client reported at least 15

29/Nov/2013 20:17:07][28261] {avir} Running antivirus check on mail from <root@*******.co.uk> to <servers<_at_>******.co.uk> size 1829 B
[29/Nov/2013 20:17:07][28261] {avir} Client: requesting check for file /opt/kerio/mailserver/store/tmp/5298f641-0000308c/avfile.tmp , mail from <root@*********.co.uk> to <servers<_at_>*******.co.uk>
[29/Nov/2013 20:17:07][28261] {avir} Checking file /opt/kerio/mailserver/store/tmp/5298f641-0000308c/avfile.tmp for JPEG vulnerabilities
[29/Nov/2013 20:17:07][28261] {avir} Client: waiting for result...
[29/Nov/2013 20:17:07][17246] {avir} (PID: 17245) Sophos_plugin: Scanning file /opt/kerio/mailserver/store/tmp/5298f641-0000308c/avfile.tmp ...
[29/Nov/2013 20:17:07][17246] {avir} (PID: 17245) Sophos_plugin: File scanning finished successfully
[29/Nov/2013 20:17:07][28261] {avir} Sophos plug-in scanning avfile.tmp (/opt/kerio/mailserver/store/tmp/5298f641-0000308c/avfile.tm p) - verdict: No Virus found
[29/Nov/2013 20:17:07][28261] {avir} Client: check result: (2) Clean

Obviously there is a possibility this is user error but the configuration of Sophos seems pretty basic

I have just added a zip file block and redirect to a collection mailbox to see if that will stop them going through
Re: Sophos issues - any other solutions? [message #108877 is a reply to message #108173] Tue, 03 December 2013 15:08 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
Hiya! Smile

Well, we got a virus too!

I guess the zip files are scanned but the viruses are too new to get caught. And I _GUESS_ Sophos does only use the static virus scan and not the heuristics to detect unknown stuff. Maybe a dev. could look into that. EDIT Would be nice if there were some options for tuning the scanner like the detection aggressiveness (low, med, high) etc. /EDIT

I tested the virus against virustotal.com and got a rating 15 / 48, Sophos actually knew it (Sophos Mal/BredoZp-B) (some hours later after we got it) - the last scan in the morning only had a 6/48 rating. I started a new one.

And here the log btw. - had debug av and spam logging still turned on Smile

(Sad thing is - our panda antivir didn't catch it too. Narf, we change to avira anyway next year)

[03/Dec/2013 11:52:59][56] {spf} Checking address: rephrasinge<_at_>gmxnet.de
[03/Dec/2013 11:52:59][56] {spf} SPF result: PermError
[03/Dec/2013 11:52:59][56] {spf} Received-SPF: unknown (our.mail.server: error in processing during lookup of domain of gmxnet.de: DNS lookup failure) client-ip=103.28.210.162; envelope-from=rephrasinge<_at_>gmxnet.de;
[03/Dec/2013 11:53:02][56] {greylist} Greylisting: testing mail from "rephrasinge@gmxnet.de" to "Our<_at_>recipent.com" sent by 103.28.210.162.
[03/Dec/2013 11:53:02][56] {greylist} Greylisting: Kerio Connect sent "GREYL 103.28.210.162 9gYqtbDbmeNm4k6uF3QnCw==" over TLS.
[03/Dec/2013 11:53:02][56] {greylist} Greylisting: service responded "211 Pass" over TLS.
[03/Dec/2013 11:53:02][56] {greylist} Greylisting is accepting mail, query finished in 182 ms with result "PASS".
[03/Dec/2013 11:53:03][6724] {avir} Running antivirus check on mail from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com> size 210972 B
[03/Dec/2013 11:53:03][6724] {avir} Client: requesting check for file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp, mail from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com>
[03/Dec/2013 11:53:03][6724] {avir} Checking file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp for JPEG vulnerabilities
[03/Dec/2013 11:53:03][6724] {avir} Client: waiting for result...
[03/Dec/2013 11:53:03][6724] {avir} Sophos plug-in scanning avfile.tmp (E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp) - verdict: No Virus found
[03/Dec/2013 11:53:03][6724] {avir} Client: check result: (2) Clean
[03/Dec/2013 11:53:03][6724] {avir} Client: requesting check for file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp, mail from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com>
[03/Dec/2013 11:53:03][6724] {avir} Checking file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp for JPEG vulnerabilities
[03/Dec/2013 11:53:03][6724] {avir} Client: waiting for result...
[03/Dec/2013 11:53:03][6724] {avir} Sophos plug-in scanning avfile.tmp (E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp) - verdict: No Virus found
[03/Dec/2013 11:53:03][6724] {avir} Client: check result: (2) Clean
[03/Dec/2013 11:53:03][6724] {avir} Client: requesting check for file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp, mail from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com>
[03/Dec/2013 11:53:03][6724] {avir} Checking file E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp for JPEG vulnerabilities
[03/Dec/2013 11:53:03][6724] {avir} Client: waiting for result...
[03/Dec/2013 11:53:03][6724] {avir} Sophos plug-in scanning RG591923100.zip (E:\Kerio Connect\MailServer\store/tmp/529db80b-00000e8b/avfile.tmp) - verdict: No Virus found
[03/Dec/2013 11:53:03][6724] {avir} Client: check result: (2) Clean
[03/Dec/2013 11:53:03][6724] {spam} Spam Filter: calculating spam rating for message 529db80b-00000e8b from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com>...
[03/Dec/2013 11:53:03][6724] {spam} Spam Filter: Sender IP is on blacklists, adding score 2.00 (DNSBL_B.BARRACUDACENTRAL.ORG: 1.00,DNSBL_CBL.ABUSEAT.ORG: 1.00)
[03/Dec/2013 11:53:03][6724] {spam} Spam Filter: Message is too big. SpamAssassin message size limit is 131072 bytes.
[03/Dec/2013 11:53:03][6724] {spam} Spam Filter: Custom spam rules check finished, adding score 0.00
[03/Dec/2013 11:53:03][6724] {spam} Spam Filter: Message 529db80b-00000e8b from <rephrasinge@gmxnet.de> to <Our<_at_>recipent.com> got 2.00 hits, total spam score is 2.000

[Updated on: Tue, 03 December 2013 18:39]

Report message to a moderator

Re: Sophos issues - any other solutions? [message #108881 is a reply to message #108173] Tue, 03 December 2013 18:58 Go to previous messageGo to next message
MarkK is currently offline  MarkK
Messages: 342
Registered: April 2007
We have gone through the phases of being among the first to get new variants of malware. Looking at the spam portion of the log, working on your Kerio Spam and Spam Assassin scoring would help quite a bit with the malware as well. Typically, malware is delivered with spam emails, so filtering those out is a form of AV as well.

The email in the log was on 2 different black lists; DNSBL_B.BARRACUDACENTRAL.ORG: 1.00,DNSBL_CBL.ABUSEAT.ORG: 1.00, only giving a score of 2. Plus it was sent from a .DE domain. So I would be asking a few questions here. What is your Spam Threshold set at? Shouldn't an email that is on 2 different black lists cause the email to be scored high enough to be marked as spam? Depending on who your customers are, and where you are seeing malware emailed from, would a rule that adds to the spam scoring for emails from the .DE domain be something that you want to put in to place? We block all emails coming from .INFO domains, since I have never seen a valid email actually come from one (in my personal experience).

Spend some time working on the spam filtering, and the malware filtering will improve as well. There are a few postings in the Kerio Connect forum about improving the spam filtering.
Re: Sophos issues - any other solutions? [message #108885 is a reply to message #108173] Tue, 03 December 2013 22:06 Go to previous messageGo to next message
teco is currently offline  teco
Messages: 4
Registered: April 2005
Location: Germany
It looks like an internal problem of the sophos engine itself.


Try the following (best on a PC with disabled antivirus ot get the test files):

Open the Zip with the EICAR Virus.

What is the filename of the EICAR Test? Does it end with .dll, .msi or .exe?

If not, please unpack the Test file and rename it to .exe or .dll or .msi. Best to all of them.

Create a new zip with this file/s.

Use a freemailer or something else from outside the inhouse network and send yourself a new email with this zip attachment.

If the test is now catched, there could be a parsing problem with sophos. In other words: it ignores file extensions which are internal flagged as "can not be infected - no need to scan".
Re: Sophos issues - any other solutions? [message #108895 is a reply to message #108802] Wed, 04 December 2013 09:35 Go to previous messageGo to next message
clan is currently offline  clan
Messages: 187
Registered: May 2011
Scotty wrote on Fri, 29 November 2013 21:38
Ok switched on debug log for Sophos

The following log showed in the ordinary mail log:

29898d6-00002e0a, Service: SMTP, From: <support@nacha.org>, To: <admin<_at_>*******.co.uk>, Size: 18114, Sender-Host: 186.80.47.126, Subject: FW : Complaint - 4086346, Msg-Id: <2609049986.1VDZZOAY150137<_at_>avelxifoygft.fdiacuvgbewig.va >
[29/Nov/2013 13:38:33] Sent: Queue-ID: 529898d6-00002e0a, Recipient: <admin<_at_>********.co.uk>, Result: delivered, Status: 2.0.0 , Remote-Host: 127.0.0.1, Msg-Id: <2609049986.1VDZZOAY150137<_at_>avelxifoygft.fdiacuvgbewig.va >

There was no corresponding log in the debug log for Sophos

With antivir logging switched on, every mail that is scanned should appear in the debug log, so if there is no corresponding entry in the debug log the mail was possibly not scanned.
I did not find a setting that would prevent scanning, and no debug setting that sounds like it could help, but maybe someone at Kerio feels like contributing...


Re: Sophos issues - any other solutions? [message #108896 is a reply to message #108881] Wed, 04 December 2013 09:47 Go to previous messageGo to next message
clan is currently offline  clan
Messages: 187
Registered: May 2011
MarkK wrote on Tue, 03 December 2013 18:58
The email in the log was on 2 different black lists; DNSBL_B.BARRACUDACENTRAL.ORG: 1.00,DNSBL_CBL.ABUSEAT.ORG: 1.00, only giving a score of 2. Plus it was sent from a .DE domain.

I agree with your remark about the black lists, but I think you are wrong about the domain:
while the address supplied is from a German domain, looking at the IP address the mail was delivered from Singapore. This may also explain the permanent SPF error.


Re: Sophos issues - any other solutions? [message #108897 is a reply to message #108881] Wed, 04 December 2013 10:53 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
MarkK wrote on Tue, 03 December 2013 18:58
Typically, malware is delivered with spam emails, so filtering those out is a form of AV as well.

The email in the log was on 2 different black lists; DNSBL_B.BARRACUDACENTRAL.ORG: 1.00,DNSBL_CBL.ABUSEAT.ORG: 1.00, only giving a score of 2. Plus it was sent from a .DE domain. So I would be asking a few questions here. What is your Spam Threshold set at? Shouldn't an email that is on 2 different black lists cause the email to be scored high enough to be marked as spam? Depending on who your customers are, and where you are seeing malware emailed from, would a rule that adds to the spam scoring for emails from the .DE domain be something that you want to put in to place? We block all emails coming from .INFO domains, since I have never seen a valid email actually come from one (in my personal experience).


Problem is, those malware things are not only delivered by spam or are masked as standard mail. In this case the mail was written without errors and looked like a official one.

Spamfiltering (in my opinion) has to be well balanced. If 2 DNS Blacklist tell you "bad", it doesn't mean anything. There are tons of issues with them and many wrong listings. The settings itself are already quite strict, but I can't overdo it.

If a mail gets blocked by mistake, our employees would kill me. And if a mail from a new customer comes in with an order and we didn't receive it, we lose real money. And some of those mails from other countries are written in a terribad english, sometimes with serverconfigs where the PTR DNS dosen't work for the sender, no spf entries, blacklist blocked because some other customers of the ISP send spam etc. pp. And blocking a whole TLD is out of question, because we even got orders out of Iran etc. Especially blocking DE Domains would be bad, because we are from Germany Wink
Same with .info domains, there are many legit .info customers. We our self got a .biz domain. Also not too common, but it's more then legit.

In the spammail case, the .de domain was a fake anyway, the IP reversed to .sg. But the text didn't get caught by spam assassin etc. because it was well written. Here's the orig. msg btw.

Quote:
Ihre Kundennummer: 545391186

Sehr geehrter ,

anbei erhalten Sie Ihre Rechnung vom 03.12.2013.
Wie vereinbart werden wir den Betrag in den nächsten Tagen von Ihrem Konto einziehen.

Ihre Rechnung ist im PDF-Format erstellt worden. Um sich Ihre Rechnung anschauen zu können, klicken Sie auf den Anhang und es öffnet sich automatisch der Acrobat Reader. Sollten Sie keinen Acrobat Reader besitzen, haben wir für Sie den Link zum kostenlosen Download von Adobe Acrobat Reader mit angegeben. Er führt Sie automatisch auf die Downloadseite von Adobe. So können Sie sich Ihre Rechnung auch für Ihre Unterlagen ausdrucken.

http://www.adobe.de/products/acrobat/readstep2.html

GMX ist ein Dienst der 1&1 Mail & Media GmbH.


Mit freundlichen Grüßen

Ihr GMX Kundenservice


--

Impressum: http://gmxnet.de/de/impressum

[ Dies ist eine automatisch generierte Nachricht, bitte antworten Sie nicht an diesen Absender.
Falls Sie Fragen an den GMX Support haben, verwenden Sie bitte das Formular auf www.gmx.de/rechnungsfragen ]

Re: Sophos issues - any other solutions? [message #108899 is a reply to message #108896] Wed, 04 December 2013 12:10 Go to previous messageGo to next message
Scotty is currently offline  Scotty
Messages: 11
Registered: November 2013
Location: Scotland
Spam filtration should have little or no bearing on virus control
Many viruses arrive from legitimate sources from compromised servers/clients that have no knowledge they are sending out anything and will pass most spam checks as legitimate - at least for a time. Blocking on SPF is not an option and blocking on a domain extension is not at all realistic for most people.

I was of the opinion Sophos wasnt catching viruses inside zip files but after switching on debug and forwarding to a collection account I can see it does indeed work ( of sorts) the failure rate though is high, much higher than I would have expected from a product such as Sophos, failure to detect is as high as 10-20% - this to me is totally unacceptable.

For myself Eset is capturing everything locally but I am aware other clients on this platform are not so lucky when using other virus scanners.
I have around 30 servers, all bar the Kerio run Spamassassin + ClamAV opensource product that produces far better results IMO.

To me Virus scanning is something you should install and forget and the ability to detect based on the virus definition file not some pseudo calculation on spam scoring

I have to say the Spamassassin on the Kerio platform is producing some really obnoxious spam scores compared to other installations. I have to keep clearing out the bayesian filter but not had the time to tie down the issues yet so relying on SA to help Sophos out really is a no go for me.

Re: Sophos issues - any other solutions? [message #108945 is a reply to message #108897] Thu, 05 December 2013 18:09 Go to previous messageGo to next message
MarkK is currently offline  MarkK
Messages: 342
Registered: April 2007
A few things:

"Spamassassin + ClamAV opensource product that produces far better results"
Are you running an older version of Kerio that can still use ClamAV? Or are you using the ClamAV plugin for SpamAssassin? If you are using the plugin for SA, care to share how you did it?

My apologies for making it sound like I was saying .INFO or .BIZ domains were not legit. Rereading what I wrote could come across that way, but was not meant like that. I should worded that differently. They are certainly valid domains, though not as common. What I meant was that in my company's line of business, .INFO domains are not ones that we have done any business with, not to say that we couldn't. Same goes for the .DE domain in our case; we are a small local company serving just the local area, so blocking emails from an international domain is something that we will consider doing. (We don't block .DE emails, but we do block .RU emails JUST BECAUSE we don't do any business in Russia and the landslide of spams that we were receiving from .RU email addresses.)

As for "Spam filtration should have little or no bearing on virus control" - My personal thoughts are (not saying that anyone should care what my thoughts are) is that since spam is one of the major transports of malware, having good spam control in place will AID in preventing malware from being delivered. Yes, valid email accounts get hacked or used to send out malware, but I certainly get FAR MORE offers for fake prescriptions, buy my crap, make millions of $$$'s, or look at my intimate pics, than I do of friend's or customer's valid email addresses that have a malware link or attachment with it. I do certainly agree that spam writer's are getting MUCH better, making it MUCH harder to filter out.

Back to the original posters subject:

It does scan inside zips. I have Kerio move copies of found infected emails to a folder. This is just one of the malware emails from today so far.

This part of mail contained a virus:
MIME type: application/octet-stream
File name: IMG9748234693-JPG.zip
File size: 28.97 kB
Virus name: Mal/DrodZp-A
Antivirus: Sophos Scanning Engine (4.94G.5825037/3.48.0.0)
The attachment was removed by mailserver
at mail.{mymailserver}.com.
Re: Sophos issues - any other solutions? [message #108947 is a reply to message #108945] Thu, 05 December 2013 18:32 Go to previous messageGo to next message
Pavel Dobry (Kerio) is currently offline  Pavel Dobry (Kerio)
Messages: 2057
Registered: October 2003
Location: Czech Republic
MarkK wrote on Thu, 05 December 2013 18:09
A few things:
"Spamassassin + ClamAV opensource product that produces far better results"
Are you running an older version of Kerio that can still use ClamAV? Or are you using the ClamAV plugin for SpamAssassin? If you are using the plugin for SA, care to share how you did it?


You can use this one: http://bit.ly/19jEEzJ. Works with latest Kerio Connect. 8.2.


[Updated on: Thu, 05 December 2013 18:33]

Report message to a moderator

Re: Sophos issues - any other solutions? [message #108951 is a reply to message #108947] Thu, 05 December 2013 19:54 Go to previous messageGo to next message
j.a.duke is currently offline  j.a.duke
Messages: 239
Registered: October 2006
Pavel Dobry (Kerio) wrote on Thu, 05 December 2013 12:32
MarkK wrote on Thu, 05 December 2013 18:09
A few things:
"Spamassassin + ClamAV opensource product that produces far better results"
Are you running an older version of Kerio that can still use ClamAV? Or are you using the ClamAV plugin for SpamAssassin? If you are using the plugin for SA, care to share how you did it?


You can use this one: http://bit.ly/19jEEzJ. Works with latest Kerio Connect. 8.2.


Pavel,

Is there a compiled Mac plugin? I've had a good friend of mine, who is an experienced Mac developer, working to compile one from the source code you posted, but he's had no luck so far.

Thanks.

Cheers,
Jon
Re: Sophos issues - any other solutions? [message #108958 is a reply to message #108951] Fri, 06 December 2013 11:15 Go to previous messageGo to next message
Scotty is currently offline  Scotty
Messages: 11
Registered: November 2013
Location: Scotland

MarkK

Yes I did agree it does scan inside zips - it was the failure rate that was leading me to the other conclusion, this has improved slightly ( as far as I can tell) but going by the level of complaints not improved enough.
Kerio markets this product as a complete email solution so I dont think it unreasonable to expect that spam and virus filtration is at least up to par with industry leaders.
There is little control over the spam filtration other than having to re-write the spamassassin scoring which gets over written when Kerio is upgraded, our Baysian filters are being poisoned and having to be reset every few days, we only have one Kerio server and its the only one giving us any grief in terms of Spam and Virus control.

For the moment I have blocked and quarantined all zip file attachments which for me is not a long term solution, I just hope this works better then the virus scanning.
Re: Sophos issues - any other solutions? [message #108965 is a reply to message #108958] Fri, 06 December 2013 13:51 Go to previous messageGo to previous message
PascalDorland is currently offline  PascalDorland
Messages: 5
Registered: June 2011
Location: Hilversum
Just a quick reply from my side, I haven't had the time to read this entire conversation but I am experiencing the same issues with Sophos not detecting a virus and ESET detecting it on the client (Outlook in my case).

My two cents just to backup the admins experiencing this concerning problem in this topic...which we've also mentioned to Kerio and is in examination as we speak.
Previous Topic: Network interface configuration
Next Topic: Connection to iCal failed
Goto Forum:
  


Current Time: Tue Sep 26 04:11:54 CEST 2023

Total time taken to generate the page: 0.06469 seconds