Re: Sophos issues - any other solutions? [message #108966 is a reply to message #108965]
Fri, 06 December 2013 15:39
Scotty
Messages: 11 Registered: November 2013 Location: Scotland
OK, not really planning on spending much more time or effort on this, but for the sake of clarity:
Yesterday I switched on block by file type zip and sent to a quarantine account for collection. I have virus debug switched on in the Kerio logs.
Today since 00:00am there have been 29 zip files sent to the quarantine account - all are viruses.
However, several others have slipped through despite the content filter AND the virus scan.
I switched off my local virus scanning to enable testing of the viruses that get through, and all are confirmed and, ironically, all show as known to Sophos.
So I immediately sent back a confirmed virus to my own account and it arrived in my inbox seconds later, complete and armed.
Now Sophos apparently does not scan anything that is already blocked in the content filter, but interestingly I can still see zipped files showing up in the Sophos debug log with a verdict: No Virus Found - which is the exact same virus that is already trapped in quarantine and confirmed by VirusTotal.
Rapidly losing confidence that I can ever make this work - so looking at alternatives.
Now a rather more contentious issue is that in the past 14hrs or so the Kerio server has received say 30 trapped and an unknown number that have made it through the defences. There are 5 domains and 34 accounts on this server. Now compare that to another non-Kerio server where there are 300 domains and approx 8000 email accounts: the number of viruses trapped is 104 over 30 days.
It's almost like the domains on the Kerio platform are being targeted.
Re: Sophos issues - any other solutions? [message #108968 is a reply to message #108173]
Fri, 06 December 2013 16:31
MarkK
Messages: 342 Registered: April 2007
You can run both Sophos and ClamAV at the same time. You just need the ClamAV plugin .dll (if you are running Windows) to enable it in the Admin console, along with a copy of ClamAV running on the server. That might help.
Re: Sophos issues - any other solutions? [message #108970 is a reply to message #108968]
Fri, 06 December 2013 16:45
Scotty
Messages: 11 Registered: November 2013 Location: Scotland
MarkK wrote on Fri, 06 December 2013 16:31:
> You can run both Sophos and ClamAV at the same time. You just need the ClamAV plugin .dll (if you are running Windows) to enable it in the Admin console, along with a copy of ClamAV running on the server. That might help.
Running Linux - I see there is also a ClamAV module listed for the Linux platform, so may try that.
Re: Sophos issues - any other solutions? [message #110184 is a reply to message #108173]
Tue, 28 January 2014 23:27
Scotty
Messages: 11 Registered: November 2013 Location: Scotland
Just thought I would update this thread.
I had blocked zip files, which was a way of avoiding the viruses getting to clients, but after an update to the software that block stopped working and bingo, back to viruses sailing through Kerio Connect once again.
Have now set up external MX for filtering before it gets to Kerio and all is working fine: no more viruses and a substantially better spam defence system.
Bit pee'd off that I am now having to pay for an external defence while paying for a complete solution (sic) - while accepting Sophos is a major brand, the integration with Kerio is simply not working well enough.
Re: Sophos issues - any other solutions? [message #110204 is a reply to message #110184]
Wed, 29 January 2014 14:08
Maerad
Messages: 275 Registered: August 2013
Scotty wrote on Tue, 28 January 2014 23:27:
> Just thought I would update this thread.
> I had blocked zip files, which was a way of avoiding the viruses getting to clients, but after an update to the software that block stopped working and bingo, back to viruses sailing through Kerio Connect once again.
> Have now set up external MX for filtering before it gets to Kerio and all is working fine: no more viruses and a substantially better spam defence system.
> Bit pee'd off that I am now having to pay for an external defence while paying for a complete solution (sic) - while accepting Sophos is a major brand, the integration with Kerio is simply not working well enough.
I was rereading the last postings from you and I still believe there might be something with your installation.
Did you install Kerio Connect on Linux standalone or do you use the VM image? What Linux version do you use, what Kerio version? It might also be the case that Kerio has an access problem (or Sophos), so the zip can't be extracted right, Sophos can't scan it but gives an "all ok" back.
Does the antivir even update? Did you check that?
Not only the dashboard, also the directory Kerio Connect/MailServer/sophos/ - there should be around 2 files with the last sync date.
Also - do you run a real antivirus on the server itself? Not only for mail, something like a real-time check. IF you do, that real-time scanner could deny Sophos access to the file.
And please check WHERE the mail scan found the viruses. Was it really in the mail or somewhere else? Depending on the program used, the attachments via IMAP are not necessarily downloaded, only the headers. With Outlook it's even more different because of the cache.
Might be worth trying to get the real error. We receive many virus mails too, and in the last month I hadn't even one virus mail. Also, like most ppl here said, they don't have those problems either. So it might be your system and/or config.
If it's possible I would suggest reinstalling Kerio or DL the VM image, copy Kerio over without the ACL/access rights and try it again. Even ClamWin with hMailServer could detect 98% of viruses without problem... when we had it back then.
Re: Sophos issues - any other solutions? [message #110206 is a reply to message #110204]
Wed, 29 January 2014 15:15
Scotty
Messages: 11 Registered: November 2013 Location: Scotland
Maerad,
I think if you look through the thread others were reporting the same problem, so it was not restricted to myself.
Kerio is installed on a standalone dedicated server running CentOS.
The anti-virus is set to check every hour and does indeed update.
There is no other software running on this bar the operating system and Kerio Connect, which is up to date.
The viruses are all zip attachments - logs show them being checked and declared clean, but they are caught at the receiver's side by their own virus scanners.
I did set up to deny zip files (not an ideal solution) and in the space of around 6 weeks 2783 zipped files were channeled to a quarantine account - all of them virus or suspect.
I have now disabled checking on Kerio and am routing the mail through an external spam/virus filter and all issues have now been resolved - Kerio doesn't allow per user/domain configuration, so I now have a much better solution and one that works, so not going to mess around any more trying to get Sophos/spam control within Kerio to do what I expected it to do.
I do appreciate it could be something that I have not done correctly, but I have followed all instructions and the virus scanning is, or appears to be, a simple case of being switched off or switched on. Having said that when I can see an email in the logs being declared clean and that same message containing a virus when it gets through
Thank you for the interest and I will reply to your PM.
Re: Sophos issues - any other solutions? [message #110213 is a reply to message #110206]
Wed, 29 January 2014 16:41
Maerad
Messages: 275 Registered: August 2013
Quote: I have now disabled checking on Kerio and am routing the mail through an external spam/virus filter and all issues have now been resolved - Kerio doesn't allow per user/domain configuration, so I now have a much better solution and one that works, so not going to mess around any more trying to get Sophos/spam control within Kerio to do what I expected it to do.
Oh, believe me, I can fully understand how you feel. It's just that I can't get why it works so poorly for you. Even with the default anti-spam and antivir options, almost all spam was detected and maybe 1 virus in 1 month came through. After I tweaked the antispam a bit (like SMTP wait time to 25, enabled the DNS services, SPF, added SPF etc. entries to the DNS, greylisting) it's almost perfect. Can't turn the spam detection too high, because we get some legit but badly written mails from other countries, but no virus in a long time and no spam too.
Well, it could also be that the Sophos for Linux is bad. We use Windows Server 2012 and had no problems. From the thread it might be that most use Linux or MacOS as base. Maybe the Sophos Linux client used in Kerio sucks?
Quote: I do appreciate it could be something that I have not done correctly, but I have followed all instructions and the virus scanning is, or appears to be, a simple case of being switched off or switched on. Having said that when I can see an email in the logs being declared clean and that same message containing a virus when it gets through
Yeah, I was under the impression that you know what you're doing. As so often, you just start to wonder why it works for yourself without problems and someone else has some problems with it.