Sophos AV - why am I paying for this? [message #121918]
Wed, 10 June 2015 12:33
zebby
Messages: 154 Registered: March 2009
Using KC 8.4.2
In the security log:
[09/Jun/2015 14:18:04] Sophos database has been successfully updated. Sophos Scanning Engine (5.15.9242179/3.60.0.0) is now active.
27 minutes later, this message with a Word document attached sails through and gets delivered:
09/Jun/2015 14:45:43] Recv: Queue-ID: 5576edf8-0000dd4a, Service: SMTP, From: <gulletuz58@rmc101.com>, To: <user@ourdomain.co.uk>, Size: 123843, Sender-Host: 118.200.234.95, Subject: fraudulent cc charge, Msg-Id: <WM7LHZNV.2044202<_at_>rmc101.com>
The attachment has a virus that is immediately picked up by Sophos on the client:
File "C:\Users\deuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\GP9SZIER\statement.doc" belongs to virus/spyware 'Troj/DocDl-QI'.
According to the Sophos website this virus was first seen on June 8th, so why didn't Sophos in KC pick it up?
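The timing argument in the post above (engine update at 14:18:04, delivery 27 minutes later, vendor protection claimed since June 8th 15:15) can be checked mechanically over a whole security log rather than by eye. The following Python script is an added example, not code from this thread or from Kerio: it parses the two log line shapes quoted above, works out which engine update was active when each message was received, and classifies each delivery against a vendor's stated protection-available time. The log lines in it are constructed (the second engine version string and the delivery timestamp of the last message are taken from the post; everything else is made up), and the PROTECTION_AVAILABLE value and the verdict labels are assumptions for illustration.

```python
"""Correlate antivirus engine updates with received messages in a Kerio
Connect security log.  Added example, not code from the thread or Kerio.
Line shapes follow the two lines quoted in the thread; the sample lines
below are constructed."""
import re
from datetime import datetime

# Timestamp as Kerio writes it; the leading "[" is optional because one of
# the lines quoted in the thread lost it when it was pasted.
TS = r"\[?(\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2})\]"
UPDATE_RE = re.compile(
    TS + r" Sophos database has been successfully updated\. "
         r"Sophos Scanning Engine \(([^)]+)\) is now active\.")
RECV_RE = re.compile(
    TS + r" Recv: Queue-ID: ([^,]+), .*?From: <([^>]*)>, To: <([^>]*)>, "
         r"Size: (\d+), .*?Subject: (.*?), Msg-Id:")

# Vendor's stated "protection available since" time (assumed value, using
# the date and time quoted in the thread for illustration).
PROTECTION_AVAILABLE = datetime(2015, 6, 8, 15, 15)

# Constructed log excerpt: two engine updates and three deliveries.
SAMPLE_LOG = [
    "[08/Jun/2015 09:00:12] Sophos database has been successfully updated. "
    "Sophos Scanning Engine (5.15.9241100/3.60.0.0) is now active.",
    "[08/Jun/2015 11:02:17] Recv: Queue-ID: 5575a1b2-00001111, Service: SMTP, "
    "From: <sender1@example.com>, To: <user@example.co.uk>, Size: 120000, "
    "Sender-Host: 192.0.2.10, Subject: invoice, Msg-Id: <a1@example.com>",
    "[08/Jun/2015 20:30:05] Recv: Queue-ID: 5575f3c4-00002222, Service: SMTP, "
    "From: <sender2@example.com>, To: <user@example.co.uk>, Size: 121500, "
    "Sender-Host: 192.0.2.11, Subject: statement, Msg-Id: <b2@example.com>",
    "[09/Jun/2015 14:18:04] Sophos database has been successfully updated. "
    "Sophos Scanning Engine (5.15.9242179/3.60.0.0) is now active.",
    "09/Jun/2015 14:45:43] Recv: Queue-ID: 5576edf8-0000dd4a, Service: SMTP, "
    "From: <sender3@example.com>, To: <user@example.co.uk>, Size: 123843, "
    "Sender-Host: 192.0.2.12, Subject: fraudulent cc charge, Msg-Id: <c3@example.com>",
]


def parse_ts(text):
    return datetime.strptime(text, "%d/%b/%Y %H:%M:%S")


def parse_log(lines):
    """Return (updates, messages): updates as (time, engine-version) tuples,
    messages as dicts with the fields the report needs."""
    updates, messages = [], []
    for line in lines:
        m = UPDATE_RE.search(line)
        if m:
            updates.append((parse_ts(m.group(1)), m.group(2)))
            continue
        m = RECV_RE.search(line)
        if m:
            messages.append({"time": parse_ts(m.group(1)),
                             "queue_id": m.group(2).strip(),
                             "from": m.group(3), "to": m.group(4),
                             "size": int(m.group(5)), "subject": m.group(6)})
    return updates, messages


def engine_at(updates, when):
    """Latest update applied at or before `when`, or None if none yet."""
    applied = [u for u in updates if u[0] <= when]
    return max(applied) if applied else None


def verdict(delivery, active_update, protection_available):
    """Classify a delivery relative to the vendor's protection time.  Only
    the update time is compared: the engine version string says nothing
    about which individual detections the database contains."""
    if delivery < protection_available:
        return "signature-not-yet-available"   # expected miss; candidate for rescan
    if active_update is None or active_update[0] < protection_available:
        return "engine-stale"                  # gateway had not updated since release
    return "covered"                           # a miss here is not explained by timing


def assess(updates, messages, protection_available=PROTECTION_AVAILABLE):
    """One report row per message, in delivery order."""
    report = []
    for msg in sorted(messages, key=lambda m: m["time"]):
        active = engine_at(updates, msg["time"])
        minutes = (int((msg["time"] - active[0]).total_seconds() // 60)
                   if active else None)
        report.append({
            "queue_id": msg["queue_id"], "subject": msg["subject"],
            "delivered": msg["time"].isoformat(sep=" "),
            "engine": active[1] if active else None,
            "minutes_since_update": minutes,
            "verdict": verdict(msg["time"], active, protection_available),
        })
    return report


if __name__ == "__main__":
    ups, msgs = parse_log(SAMPLE_LOG)
    for row in assess(ups, msgs):
        print(f'{row["delivered"]}  {row["queue_id"]:<20} engine={row["engine"]}  '
              f'+{row["minutes_since_update"]}min  {row["verdict"]:<28} {row["subject"]}')
```

A "covered" verdict only means the gateway's database was newer than the vendor's stated protection time, which is exactly the situation the post describes; it does not prove the gateway's update feed carried that detection, so a miss in that state is the one to raise with the vendor. Messages in the other two states are the ones worth pulling from the store and re-scanning once the update has landed.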
Re: Sophos AV - why am I paying for this? [message #121939 is a reply to message #121937]
Wed, 10 June 2015 19:24
zebby
Messages: 154 Registered: March 2009
It gets caught now, yes, but we're now 2 days after Sophos say they detect it!
On their website Sophos say 'protection available since June 8th at 15:15' for this virus yet nearly 24 hours after that the Sophos on KC missed it.
Re: Sophos AV - why am I paying for this? [message #121947 is a reply to message #121940]
Thu, 11 June 2015 02:01
zebby
Messages: 154 Registered: March 2009
I wondered that but they are exactly the same.
The only difference seems to be that KC was updated 15 minutes behind our clients (currently it is, anyway).
But nearly 24 hours passed between Sophos first detecting it and KC Sophos not spotting it and passing it through, which is quite poor.
Re: Sophos AV - why am I paying for this? [message #122055 is a reply to message #122043]
Tue, 16 June 2015 15:38
j.a.duke
Messages: 239 Registered: October 2006
Honestly, I felt far more secure when ClamAV was still an option for Kerio to use.
The hit rate seemed to be better and it often caught things that weren't viruses per se, but still should be stopped.
I'd absolutely love to run ClamAV again on our Mac-based Kerio install, but that doesn't seem to be a priority. Apparently Kerio has made available Linux & Windows plug-ins, but not Mac.
Cheers,
Jon
Re: Sophos AV - why am I paying for this? [message #122056 is a reply to message #122055]
Tue, 16 June 2015 15:44
Kedar
Messages: 356 Registered: April 2005
Antivirus SDK for Kerio Products
The SDK includes a public API that can be used to write plugins for third-party antivirus solutions, together with sample plugin source code, ClamAV® plugin source code, and testing binaries. Linux is the supported platform, both for development and as the deployment target.
If you want to start using the plugin now and skip compilation, we have prepared the Linux plugin in binary form directly for download. Do not worry if you use Windows. Our community took care of it and created the necessary DLL file.
Re: Sophos AV - why am I paying for this? [message #122057 is a reply to message #122056]
Tue, 16 June 2015 16:32
zebby
Messages: 154 Registered: March 2009
Radek Sip (Kerio) wrote on Tue, 16 June 2015 14:44:
    Antivirus SDK for Kerio Products
    The SDK includes a public API that can be used to write plugins for third-party antivirus solutions, together with sample plugin source code, ClamAV® plugin source code, and testing binaries. Linux is the supported platform, both for development and as the deployment target.
    If you want to start using the plugin now and skip compilation, we have prepared the Linux plugin in binary form directly for download. Do not worry if you use Windows. Our community took care of it and created the necessary DLL file.
So this is the solution to the integrated Sophos failing?