Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Problem with attached encrypted Excel file (Problem with attached encrypted Excel file)
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
Below is the message with an attached encrypted excel file. Is there any solution yet with Sophos?

Thanks in advance

.............
The attached message could not be checked for viruses:

Problem: File 'C:\Program Files\Kerio\Mailserver\store/tmp/4d1f4342-000274f3/avfile.tm p' is encrypted.
MIME type: application/vnd.openxmlformats-officedocument.spreadsheetml. she
File name: Copy of Book1.xlsx
Antivirus: Sophos Scanning Engine (4.60E.2166547/3.14.1.0)

This warning was added by mailserver
..................
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
If two anti-viruses are used in Kerio Connect and the secondary anti-virus is less strict than Sophos then the attachment is marksed as "clean" and delivered with no warning. Sophos has more functions than McAfee and it can detect and report encrypted archives or Microsoft documents.
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
The server is using only the Sophos in Kerio Connect.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
If only one anti-virus is used in Kerio Connect then the server must respect the result of scanning. Using a secondary AV can be a solution then.
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
Quote:
Sophos has more functions than McAfee and it can detect and report encrypted archives or Microsoft documents.


Then how can we change Sophos to allow encrypted Office files?
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
Quote:
If two anti-viruses are used in Kerio Connect and the secondary anti-virus is less strict...


If I will need another Anti virus to work with Sophos, then why should I not just drop Sophos? I would guess there would be reduction on the price per license.
  •  
freakinvibe

Messages: 1533
Karma: 61
Send a private message to this user
In the Admin Console, under

Configuration > Content Filter > Antivirus

at the lower end of the window, tick the radio button

Quote:
If a part of message cannot be scanned (e.g. encrypted or corrupted file)


  • Deliver the original message with a prepended warning


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
@freakinvibe, thanks. But sending an email with attachment to clients and suppliers with a message "The attached message could not be checked for viruses:" is a no-no.

@Kerio_pdobry, ok Sophos has more functions than McAfee, but why would Sophos needs a secondary antivirus to work for it? If Sophos cannot check the attachment for viruses, then there should be a choice in "If a part of a message cannot be scanned.." that will go like "Deliver the original message anyway as is". This will be a remedy for the moment, until Sophos can work on this problem.
  •  
freakinvibe

Messages: 1533
Karma: 61
Send a private message to this user
@redjun: I understand that you would like to have it delivered directly (additional option: "Deliver the original message anyway as is"). Unfortunately, there is no such option.

Quote:
This will be a remedy for the moment, until Sophos can work on this problem.


This problem will never be solved, as a password-encrypted file can never be decrypted by an AV solution (this would be a huge security issue). So a good AV solution should give you three options:

If file is encrypted:


  1. Treat it as clean file
  2. Issue a warning, but deliver anyway
  3. Block the item


Unfortunately, Kerio only provides solution 2 and 3.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
redjun wrote on Mon, 03 January 2011 15:03
<_at_>freakinvibe, thanks. But sending an email with attachment to clients and suppliers with a message "The attached message could not be checked for viruses:" is a no-no.


Is that policy or just the desire to look good? You can't scan an encrypted file for viruses no matter what you do, and if you just silently let it through without saying anything, you're implicitly lying. A bigger no-no if you ask me.

I think your clients and suppliers can handle the truth.
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
@TorW, thanks. I may say that clients always RULE!

We all know that previous versions doesn't work this way, and we cannot work on this situation. I have now 500 users banging on me for this.
  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
I guess the situation is the same if you encrupt the complete message - right?
So you don't allow encrypted messages because they would then have a footer: This message could not be checked for spam. ????

The solution KC give you is actually the right one!
Tell the receiver that the attachement has Not been scanned, and let them use their brain to understand why!
This is how you avoid trojan horses to get in! Educate the USER/CLIENT to use their brain!

If they get an Excel doc from a supplier that needs decryption, they should be able to think: Hey, I have the password - and it works - guess it's a valid file!

PS: <_at_>redjun: No, clients are STUPID and need HELP - that's why they ask for it! You just have to give the help in the right diplomatic way... Wink

[Updated on: Wed, 05 January 2011 00:34]


Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
redjun

Messages: 17
Karma: 0
Send a private message to this user
Quote:
...they would then have a footer: This message could not be checked for spam. ????


It would be good (and perfect for my situation) if the message with an attached encrypted file will be delivered with that kind of message in the footer, not attaching the message.

Quote:

# Treat it as clean file
# Issue a warning, but deliver anyway
# Block the item


@ freakinvibe, For option 1, it would be good to be like: Allow the message, and put a notice "The attached message could not be checked for viruses"

Anyway, I received a message from Support that "have a suggestion on file with the developers to flag passworded files" but unfortunately no time scale.

And for the meantime, Sad , I have to give the help in the right diplomatic way... and say Kerio Connect rules!
Previous Topic: Webmail font sizes
Next Topic: [BUG] Kerio iCal Config Tool.mpkg
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Sep 26 18:19:30 CEST 2017

Total time taken to generate the page: 0.00475 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.