Updating Sophos via internal pattern host (Is it possible to configure the Kerio Sophos-AV engine to get updates from an internal pattern host?)

  •  
lgsit

Hello,

I've just installed the new Kerio Connect 8 (8.0.0.639) on our internal mailserver. Up to now, we temporarily used ClamAV to check all the mails, but due to the fact that Kerio exclusively supports Sophos in future releases, we upgraded our maintenance license so we can use the included Sophos engine.

As a matter of fact, our mailserver does not have a direct connection to the internet and I want to update Sophos using an internal pattern host. We already have an anti-virus pattern server for various anti-virus software which downloads and provides the latest definitions for all the systems inside the internal network, so that should not be the problem at all.

The question is, can I configure the Sophos engine included in Kerio to use an internal server for its definition updates? I did not find any configs, yet. I only found the file /opt/kerio/mailserver/sophos/update.php.new, but it's empty (I'm not sure if that file is even meant as a config file).

If relevant, the server runs with CentOS 6.0 (x64).

Thank you in advance!

[Updated on: Thu, 13 December 2012 12:21]

  •  
Pavel Dobry (Kerio)

Integrated Sophos engine can be updated only from Kerio servers.
I can recommend configuring a new HTTP proxy server and have Kerio Connect access the Internet (=update servers) via the proxy server.

[Updated on: Fri, 14 December 2012 00:10]

  •  
lgsit

Thanks for the fast reply!

Well, using a proxy server could be a security risk and we actually want to avoid that. The internal network should be completely separated from other and especially external networks.

Inside the knowledge base I read that Kerio is also checking the installed license and so I understand that using a pattern host is not supported/allowed due to the fact that could bypass such a process.

So, at least, we want to avoid a permanent connection to the proxy. I'd like to update the Sophos definitions e.g. using a Bash script started by the Cron daemon. This Bash script sets the route to the proxy, triggers Kerio to update Sophos and removes the route again when done (if possible).

Is this possible? Can I trigger the Sophos update via shell command?

[Updated on: Fri, 14 December 2012 09:44]

  •  
freakinvibe

I used to do that in Kerio Connect 7.3. I copied the .ide, .vdb, .dat and the 3 .dll files from a local source regularly. As we are using Sophos Enterprise we have the source local anyway. This is the script (on Windows):

robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial\ide" *.ide /MIR /LEV:1
robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial\vdb" *.vdb /MIR /LEV:1
robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial\vdb" *.dat /MIR /LEV:1
robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial" veex.dll /MIR /LEV:1
robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial" savi.dll /MIR /LEV:1
robocopy "C:\Sophos download\sophos\ESXP\savxp" "C:\Program Files (x86)\Kerio\MailServer\sophos\initial" osdp.dll /MIR /LEV:1


As this is not an officially supported way, you might lose support from Kerio. Also, I have not tested this under KC version 8. But in the end, the Kerio update process does nothing else than that. And if you have Sophos in-house anyway, it does not make sense to download the same patterns over and over again.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
lgsit

@freakinvibe

Thanks for the tip. Unfortunately, we don't use Sophos anti-virus on any other system, we use a different anti-virus software and I don't want to lose the Kerio support.

Quote:
it does not make sense to download the same patterns over and over again

Yes, that's right. This is also the reason why we already have an internal pattern host for various anti-virus software. This saves time and traffic.

Besides, I did not find any Sophos "definition downloader" (such as "Retranslator" from Kaspersky) which simply downloads the virus definitions (nothing more, nothing less) ... and I would need that for Linux.

@Pavel

Can I trigger the Kerio Sophos update process via shell command?

[Updated on: Fri, 14 December 2012 11:47]

  •  
lgsit

So, is there a way to manually start the Sophos definition update via shell?
  •  
lgsit

Unfortunately, there is no shell command to trigger the Sophos update, but I've been told that I can do this by using the Kerio Connect API.

So, I'll try that.

Thanks anyway!

[Updated on: Mon, 14 January 2013 15:14]
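
Added example, not part of any post in this thread and not Kerio's code: a cron-driven wrapper for the approach discussed above, in which a host route to the proxy exists only while the update runs and is removed even when the update fails or the job is interrupted. The addresses, the lock path and the `trigger_update` hook are constructed placeholders; the hook has to be filled in with the Kerio Connect API call mentioned in the last post.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses and the lock path are constructed.
PROXY_IP="${PROXY_IP:-192.0.2.10}"      # proxy host (placeholder, TEST-NET-1)
GATEWAY_IP="${GATEWAY_IP:-10.0.0.1}"    # next hop toward the proxy (placeholder)
LOCK_DIR="${LOCK_DIR:-/tmp/kerio-av-update.lock}"
RUN="${RUN-echo}"   # dry run by default (commands are printed); RUN= as root applies them

# A /32 host route exposes only the proxy, never a default route to the outside.
add_route()    { $RUN ip route add "$PROXY_IP/32" via "$GATEWAY_IP"; }
remove_route() { $RUN ip route del "$PROXY_IP/32" via "$GATEWAY_IP"; }

# Hypothetical hook: replace the body with the call that starts the update.
# The thread says this has to go through the Kerio Connect API.
trigger_update() {
    echo "placeholder: start the Sophos update through the Kerio Connect API" >&2
}

update_with_temp_route() {
    # mkdir is atomic, so overlapping cron runs cannot both hold the lock.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "another update run holds $LOCK_DIR" >&2
        return 75
    fi
    rc=1
    # An interrupted job must not leave the route behind.
    trap 'remove_route; rmdir "$LOCK_DIR"; exit 130' INT TERM
    if add_route; then
        if trigger_update; then rc=0; else rc=$?; fi
        # Runs whatever the update returned.
        if ! remove_route; then
            echo "route to $PROXY_IP is still present" >&2
            rc=70
        fi
    fi
    trap - INT TERM
    rmdir "$LOCK_DIR"
    return "$rc"
}

# Executed directly, this prints the commands it would run (dry run).
update_with_temp_route
```

A lock directory left behind by a crashed run blocks later runs until it is removed by hand, so the failure mode is a skipped update rather than a route that stays open.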
