Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » McAfee efficiency? (Is McAfee efficient??)
  •  
pantera10

Messages: 56
Karma: 0
Send a private message to this user
Hi all,

Today, my company has been spammed by a mail which contains a virus (details of this mail can be find here:
http://appriver.blogspot.com/2008/09/xw32lapostezbot.html).
And some of my users have opened this mail and this attached files ... (damned users ^^). With luck, the Antivirus program on the user's PC has blocked this threat. So I'm wondering if the antivirus of my mail server is really efficient?? I have Mcafee embedded with KMS and since February 2007, McAfee has only found 55 virus whereas it has checked more than 813000 attachements!!

Furthermore, McAffe's database is often more than 2 days old ! How can an antivirus be efficient with such an old database??

Am i very lucky that no one send me virus? Is McAfee really efficient? Or is this antivirus a strainer?

Can someone help me to understand?

Thanks in advance.

Regards,
Aurélien

Kerio Connect 7.0.1 on Open Suse 11.1 64 bits
Outlook 2007 with KOFF. 100 users
  •  
Nixs

Messages: 159
Karma: 0
Send a private message to this user
As of this moment, the latest DAT is 5381 which we have and it is 1 day 10 hours old;
http://www.mcafee.com/apps/downloads/security_updates/dat.as p?region=us&segment=enterprise

They have new viruses in 5382, to be released.

I agree. How can this be good? My desktop antivirus sometimes updates more than once an hour. My gateway antivirus has new patterns roughly hourly. Why is McAfee released so infrequently? My offsite Kerio users are less protected than my lan users. They just have whatever antivirus they use, which could be none, and McAfee on the mail server.

Anyone using something else with Kerio? What do you like?

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
This is exactly why we gave up the built in McAfee. We had several occasions where viruses got through the mail scanner, and were fortunately caught by the desktop scanners, which was another vendor's AV.

In most of those cases, it was because the virus definitions weren't updated often enough. To make matters worse, in a few cases, McAfee was already aware of the virus, put it in the extra dat you can download manually, but hadn't updated the automatic update files because it wasn't that day of the week yet to release their update. At that time they only released updates once a week.

I've also seen viruses actively running on machines with current definitions, and McAfee never saw a thing, even a scan turned up nothing. Installed another AV scanner, and it caught a number of files immediately, and the rest during a scan. That's why we dumped McAfee for our desktop scanner not long before we dumped it on the mail server. That was a few years ago, and it may be better now, but I still don't trust it.

Scott
  •  
pantera10

Messages: 56
Karma: 0
Send a private message to this user
Thanks for your replies, I think I won't buy again KMS+McAfee on my next Subscription..
Which AV do you advice me?
Thanks.

Kerio Connect 7.0.1 on Open Suse 11.1 64 bits
Outlook 2007 with KOFF. 100 users
  •  
simonkenning

Messages: 34
Karma: 1
Send a private message to this user
This is certainly a massive problem at the moment. We have seen a huge number of messages arrive at our mailserver over the past couple of weeks that have ZIP files attached containing viruses. I have implemented ClamAV on our mailserver as well as the integrated McAfee Antivirus and whilst ClamAV is catching more than McAfee there are still a number of viruses getting through. Can anyone comment on this and suggest which Antivirus product to consider? I am very disappointed with the effectiveness of the integrated McAfee Antivirus product within KMS.

Thanks for your help,
Simon Kenning
  •  
Nixs

Messages: 159
Karma: 0
Send a private message to this user
We setup MessageLabs in front of Kerio, with their antispam/antivirus solution. Of all the solutions we've used in the past, this one works the best. Still need AV on Kerio incase a home user sends a virus in (webmail/smtp auth) but 99%+ of the viruses are caught by MessageLabs.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
It is quite impossible to catch literally *all* viruses. To catch *almost all* you have to use a multitude of AV scanners and policies.

For mail I use MessageLabs externally (they themselves use multiple -unspecified- scanners), then McAfee on my Kerio Firewall, then ClamAV on my Kerio Mailserver, then Kaspersky on my desktops. So mail gets scanned 4+ times by 4+ different scanners. That should stop most pests.

Internet traffic is scanned 'only' twice (McAfee on firewall en Kaspersky on desktops). That leaves me a bit uncomfortable, but I alleviate my apprehension by blocking downloads of all executables, screensavers, scripts, even plain zip-files on the firewall. (When push comes to shove my 100+ users very rarely need to download zip-files for business purposes. Maybe once per month I download a zip-file for them.)

Local media (USB sticks etc.) are scanned only once by Kaspersky. That is not ideal, but installing two AV scanners on the desktop is taking it too far for me. Also blocking any and all USB sticks creates an unworkable situation. That means I might have to clean up some infection once in a while, but that has become a very seldom occurrence indeed.

What I'm trying to say of course is that you need a multitude of policies and barriers in place to stop vermin from causing more trouble then can be handled comfortably. Relying on a single scanner on a single point of entry is not going to do it, no matter what scanner that is.
  •  
heze54

Messages: 220
Karma: 0
Send a private message to this user
Hi,

I use mcafee+ clamav at my kms running under ubuntu server, and computers and workstations using avast 4.8 pro.


It really works, but its true that mcafee DB is bad updated.


Best regards
Previous Topic: Outlook 2007 Mail Receive Problem
Next Topic: Calendar events recovery.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 19:46:43 CET 2017

Total time taken to generate the page: 0.00480 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.