Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Understanding Alert Log (Virus issue)
  •  
PastaPaul

Messages: 10
Karma: 1
Send a private message to this user
Hello.

Have noticed an alert which is repeating with some regularity on Kerio Control:

Virus alert
Event description
User: not logged yet
Host (IP): 192.168.1.103 (192.168.1.103)
File: copy_invoice_90809495.zip
Protocol: POP3
Virus info: Sophos verdict: Troj/Dloadr-EAH

I'm not quite certain how to interpret this...Is host 192.168.1.103 trying to send a virus or is something trying to send a virus to this host? POP3 would imply it's inbound, but now I'm not sure.

I've scanned that host with 2 very different virus checkers and neither of them have detected anything.

Also the log is not clear on what if any action has been taken - I'm assuming (regardless of whether it's inbound or outbound) the file has been blocked.

Thanks for any help on this.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
This alert simply means that computer with IP 192.168.1.103 tried to download email via POP3 which included virus/trojan. If a virus is detected, the attachment is replaced by a notice informing about the virus found.

Please see http://kb.kerio.com/1386 for more details.

Petr Dobry
Product Development Manager | Kerio
  •  
PastaPaul

Messages: 10
Karma: 1
Send a private message to this user
Previous Topic: Service Discovery/ Zeroconf / Bonjour Gateway not working
Next Topic: Can't limit internet access to a specific active directory group
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Jun 26 21:10:28 CEST 2017

Total time taken to generate the page: 0.00388 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.