Built-In Sophos Misses Trojan
  •  
tonyswu

Hi,

We are running Kerio 7.3.1 on Mac OS X 10.6.8 Server. The built-in Sophos anti-virus would once in a while miss some trojan. The database appears to be updated regularly, so I am not sure why it would miss a trojan. Funny thing is the anti-virus software on my computer, which is also Sophos, would catch it just fine. I've included a few screenshots detailing the message itself in webmail, the screen where Sophos on my computer caught the trojan, and the database version on Kerio server.

  •  
Pavel Dobry (Kerio)

I don't know your timezone so it's hard to tell the timing. Anyway, the server scanned the message 5 hours before you opened it in webmail. And as you can see, this trojan has been added to the Sophos database very recently: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-WUP.aspx
  •  
tonyswu

Thanks for the explanation, that might've been it. I'll keep my eyes open and report if another one shows up.
  •  
styson

It is best to remember that no AntiVirus product in existence will catch everything. It is always best to scan with as many AV scan engines as possible. If you are using Sophos in Connect, use something different on your endpoints and/or add a second AV scanner to Connect. When it comes to AV, the more the merrier.
  •  
freakinvibe

Quote:
add a second AV scanner to Connect

This will not be possible in the future. Kerio is discontinuing external AVs with KC 7.5. Sophos only.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
pal

Sophos only? Please tell me you are kidding?
  •  
freakinvibe

No, I am not. Look here:

http://download.kerio.com/dwn/kerio-connect-beta-notes-en.pdf

Quote:
Support for all 3rd party plug-ins (AVG, avast!, ClamAV, Dr. Web & ESET) will be discontinued.
Kerio Connect will ship with a built-in Sophos anti-malware engine exclusively.



Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
pal

Thanks for the link, looks like 7.5 will be my last Kerio Connect as it will preserve my current AV choice =/
  •  
Kedar

For your information, I'm forwarding the post from the betatesting forum. Please do not ask me now for technical details.

Quote:
Hi all,


I can personally imagine that those of you who use an external anti-virus plug-in could be annoyed by our decision. I really understand it. But you can believe me that all our decisions including this one are based on our philosophy: Quality, Simple, Stable, Secure, SMB, Channel. Exclusive Sophos support completely meets this philosophy. Due to the partnership with Sophos we are able to provide our customers (from SMB) with the best anti-virus solution for their emails. The reason is that all stuff (Sophos DLL, API, avir db, ...) is in our hands. The solution can be precisely developed and tested.


On the other hand, the external anti-virus plug-ins cause some trouble. We are still the only developer of all anti-virus plug-ins (except for Dr. Web) but we need the API for 3rd party anti-virus software. This API is usually changed with the new anti-virus versions. We have to fix it in our plug-in and of course test it with all supported anti-virus versions. It is very time-consuming. Also, it sometimes happens that the anti-virus vendor needs to change or release a new version very quickly. In such cases we are not able to react as fast as necessary to support the latest version. Furthermore, installation and configuration wouldn't be as easy as with the all-in-one solution. And what about the case that some virus passes through to your email client? Whose mistake is it? In Connect or in the anti-virus software? I believe that users don't want to be concerned with that. IMHO for all these reasons the external anti-virus support doesn't meet our philosophy anymore.


Last but not least, another argument for canceling external anti-virus support is the fact that ClamAV, the most popular external antivirus plug-in, is used on less than 2% of all Kerio Connect servers.


Good news for you could be the message that we have decided to publish the a-vir API and release the ClamAV plug-in as open source. It should enable you, in cooperation with the open source community, to use the ClamAV plug-in together with our products in the future. It is also a good opportunity to use our API to develop a new plug-in for the anti-virus software that you prefer. The a-vir API should be available on our Developer Zone by year's end.


Finally, I would also like to assure you that we will continue offering our products both with and without Sophos anti-virus.



Best regards,
Zdenek Samuel
QA manager
Kerio Technologies