
KC and virus gateway (Trying to identify email blocked by firewall)
  •  
pchernoff

Our SonicWall firewall keeps blocking e-mail from KC 7.02 to one client due to an anti-virus alert (Gateway Anti-Virus Alert: UPX packed executable file blocked). I have gotten a thousand of these alerts in the past 24 hours. The log indicates that the blocked file is being sent by our KC server (which is in a DMZ) to a specific computer. I am assuming that this file is in an e-mail.

The client is running Mail.app on Mac OS X 10.5.8 and has an IMAP account. So I assume that Mail.app is constantly calling for the e-mail's contents so it can put them in a local cache.

I have looked at KC's Mail log and I do not see anything out of the ordinary. I do not see any notice of not being able to deliver an e-mail to this account. I have not seen anything like this happen before.
  •  
freakinvibe

IMAP traffic is not recorded in the mail log. You should enable "IMAP server" in the debug log to find the root cause of the error.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
marook

Is your SonicWall really inspecting IMAP traffic?
Email inspection in SonicWall should be SMTP... unless I'm outdated...

Maybe the client is trying to deliver the message to be sent, and the SonicWall is blocking that?

Anyway, your users should be using SMTP Delivery on port 587 (SSL and authenticated) so this should be caught by your SonicWall on the way out of your server, unless Kerio has already detected it with its own tools... (!)

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
pchernoff

I am trying to get the SonicWALL to not inspect IMAP but I ended up turning off antivirus inspection for now. Postini catches the vast majority of crap coming in via e-mail and we only allow incoming mail from the Postini servers.

Yes, we use SMTP Delivery on port 587.

I am going to try and turn this SonicWall feature on again and try to ensure that it leaves IMAP alone.