Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Outlook Connector Virus Detected (Kerio file detected as a Virus by NIS 2012)
  •  
kenwest

Messages: 47
Karma: 2
Send a private message to this user
Hi,

We upgraded our email server to 8.1.1 over the weekend and are now having issues across desktops and laptops with Norton Internet Security 2012 detecting the gmime.dll file located at c:\program files (x86)\Kerio\outlook connector (offline edition) as the Suspicious.Cloud.7.EP virus.

Norton Internet Security pops up a window saying auto-protect has detected the Suspicious.Cloud.7.EP virus. When viewing the history details of what NIS does, it says that "The threat has been removed. No further action is needed." THEN, it says that "IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface is no longer being protected."

Once this happens, Outlook 2010 will no longer send emails using the Kerio Outlook Connector and Outlook 2010 takes 10 minutes to open and sometimes will not open at all.

The reported problem from our users is "I cannot send email." In every case it's Norton detecting the gmime.dll file as a virus.

A complete virus scan of affected machines after this happens shows no viruses detected by the Norton software. Even a complete scan after a fresh install of Kerio Outlook Connector shows no viruses found.

We believe this virus detection to be a false positive from Norton Internet Security 2012.

So far, the fix has ranged from closing Outlook 2010 to Restarting Machines to Uninstalling and Reinstalling the Kerio Outlook Connector. Usually, it requires a reinstallation of Kerio Outlook Connector. BUT, in every case the problem returns...cannot send emails....and the fix is usually reinstallation of Kerio Outlook Connector.

Unless someone has seen this and knows of a fix or workaround we are about to go through all of our machines and exclude that file from the Norton Auto-Protect scan to prevent this failure until either Symantec or Kerio has a fix.

We are running the 64 bit version of 8.1.1 on a Windows 2008 R2 server. All of our 210 users are on Outlook 2010. All virus definitions for Norton Internet Security 2012 are up to date.

We experienced no such issues with 8.1.0.

Is anyone else having any issues in this area?

Thanks!
  •  
kenwest

Messages: 47
Karma: 2
Send a private message to this user
Update: Problem acknowledged by Symantec. They have updated their Virus Definitions and all is well. For anyone suffering from this problem, update your desktop users to the latest virus definitions and the problem is fixed.
  •  
Timo.Geissler

Messages: 2

Karma: 1
Send a private message to this user
Hey same problem after Upgrading to Kerio Connect 8.3.0
Virus Definitions some to be the newest Wink your Problem is far away...must be a problem of Symantec again?!
  •  
Lukas Petrlik (Kerio)

Messages: 117
Karma: 7
Send a private message to this user
Antivirus vendors typically resolve false positives by adding a checksum of the file to their whitelist. When the checksum changes (e.g. after upgrade), the file can again be reported as a virus.
Previous Topic: KOFF is not default store
Next Topic: Infinite loop detected after upgrade to 8.3
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Sep 22 06:38:49 CEST 2017

Total time taken to generate the page: 0.00360 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.