Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Sophos Antivirus - not too satisfied ...
  •  
netmax

Messages: 38
Karma: 1
Send a private message to this user
Hi,

with the experience of the last two years I'm not very satisfied with the antivirus quality of the Sophos implementation.

The virus detection rate of unwanted mail attachments is estimated not higher than 40%. I've test downloaded what came through the Kerio filter in a sandboxed environment and in >90% of all cases my Bitdefender recognized this as potential risk and quarantined it.

Loads of .doc and .docm of the current locky infection wave have just been passed without any hassle. Meanwhile I've globally blocked these attachments to be sure that someone does not click by mistake on that.

Is there any plan to improve this to a level we are used to know from our Bitdefender, Kaspersky etc desktop solutions? Hey, it's a server which distributes to many others ...

Just my 2 cent Cool

Marco
  •  
Maerad

Messages: 152
Karma: 31
Send a private message to this user
Problem is, that sophos seems to work with a static approch. Your local antivirus uses a heuristic, which detects bad files on a "not sure but that thing could hurt" basic.

So if sophos dosen't recognize the virus > bad.

In case of locky, NO antivir program could find it.

When locky was going active last week, no antivir on virustotal could detect anything bad from the doc file, the js file after or the .exe. It took a whole day for 3 programs to recognize it, mostly because of the updated heuristic. That was at 16:00, at 19:00 6 programs could find it.

The best way to block any virus - block the attachments and the files in the attachments (.zip). Was the best solution I found till now.
Previous Topic: Kerio Connect Offline Client 9.0.x
Next Topic: Library libkticonv.so.2 could not be loaded
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Mar 23 05:16:12 CET 2017

Total time taken to generate the page: 0.00773 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.