Manual deletion of infected eml files (Server must be stopped or it is not important)
  •  
billybons2006

From time to time I check the mail folder with ClamAV:
clamscan --recursive --infected /opt/kerio/mailserver/store/mail/

If there is a virus and I need to delete the infected file, what is the right way:
a) Stop server -> Delete infected eml -> Start server;
b) Delete infected eml while server is running.

?

[Updated on: Tue, 11 February 2014 10:53]

  •  
Kedar

I think you need real-time protection for your users. It's too late to remove viruses from messages they already got.

Enable integrated Sophos antivirus and there will be no viruses in your store.
If you haven't licensed integrated antivirus, use external ClamAV plugin.
External ClamAV how-to: https://kerio.com/blog/compile-your-own-clamav-plugin-connect-8-kerstnerat-shows-how
  •  
billybons2006

Hi, Radek!

Thank you for your attention! I have a license with Sophos antivirus integrated. But...

My question is: do I have to stop the Kerio-connect daemon before deleting "*.eml" from the mail folder or not? Best practice? And if it is a production 24x365 server? Stop the server each time I need to delete a file? I think it is a bad idea :(
  •  
BudDurland

Generally, it is bad practice to delete an .eml file. If you must, stop the server first, and remove status.fld. If you have the integrated Sophos enabled and it is updating and working properly, I suspect any viruses Clam finds are false positives. However, if you want another layer of protection, make sure the endpoints have AV and Anti-Malware. You might also consider an external spam/virus filter, such as SpamTitan.

Good is better than evil because it's nicer
--Mammy Yokum
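
Added example, not part of the forum thread: a POSIX shell function that turns the output of the clamscan run from the first post into a review list, pairing each flagged .eml with the status.fld that the reply above says to remove. It changes nothing on disk; the "path: signature FOUND" line format and status.fld sitting in the message's directory or its parent are assumptions to check against your own store.

```shell
#!/bin/sh
# Added example (not Kerio's or the posters' code): build a review plan from
# clamscan output before anyone touches the mail store. Read-only by design.
#
# Assumption: clamscan reports each hit as "<path>: <signature> FOUND".
# Assumption: the folder's status.fld is in the same directory as the .eml
#             or one level above it; "-" is printed when neither exists.
#
# Typical use (server still running, nothing is modified):
#   clamscan --recursive --infected /opt/kerio/mailserver/store/mail/ \
#       | plan_from_clamscan > plan.txt

# plan_from_clamscan: stdin = clamscan output,
# stdout = one line per flagged message: <eml path>|<signature>|<status.fld or ->
plan_from_clamscan() {
    while IFS= read -r line; do
        # Keep only detection lines; skip blanks and the scan summary.
        case "$line" in
            *" FOUND") ;;
            *) continue ;;
        esac
        hit=${line% FOUND}      # "<path>: <signature>"
        path=${hit%: *}         # split on the last ": " so odd paths survive
        sig=${hit##*: }
        # Only message files are of interest here.
        case "$path" in
            *.eml) ;;
            *) continue ;;
        esac
        dir=${path%/*}
        parent=${dir%/*}
        fld="-"
        for cand in "$dir/status.fld" "$parent/status.fld"; do
            if [ -f "$cand" ]; then
                fld=$cand
                break
            fi
        done
        printf '%s|%s|%s\n' "$path" "$sig" "$fld"
    done
}
```

Review the resulting list for false positives first; the stop, delete, remove status.fld, start sequence stays a manual step in a maintenance window.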
  •  
billybons2006

Thank you, BudDurland. I have a second level of defense (antiviruses on clients). But from time to time every software can let malware through. OK, question is solved.