With the experience of the last two years, I'm not very satisfied with the antivirus quality of the Sophos implementation.
The virus detection rate for unwanted mail attachments is estimated at no higher than 40%. I've test-downloaded what came through the Kerio filter in a sandboxed environment, and in >90% of all cases my Bitdefender recognized it as a potential risk and quarantined it.
Loads of .doc and .docm files from the current Locky infection wave have just been passed without any hassle. Meanwhile I've globally blocked these attachments to be sure that no one clicks on them by mistake.
Is there any plan to improve this to the level we are used to from our Bitdefender, Kaspersky etc. desktop solutions? Hey, it's a server which distributes to many others ...
Just my 2 cents
The problem is that Sophos seems to work with a static approach. Your local antivirus uses a heuristic, which detects bad files on a "not sure but that thing could hurt" basis.
So if Sophos doesn't recognize the virus > bad.
In the case of Locky, NO antivirus program could find it.
When Locky became active last week, no antivirus on VirusTotal could detect anything bad in the doc file, the js file after it, or the .exe. It took a whole day for 3 programs to recognize it, mostly because of the updated heuristic. That was at 16:00; at 19:00, 6 programs could find it.
The best way to block any virus - block the attachments and the files in the attachments (.zip). It's the best solution I have found so far.
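The attachment blocking that both posts settle on, sketched as an added example; it is not code from the thread and not how Kerio's filter is implemented. The block list (taken from the file types named above), the choice to flag nested ZIPs rather than open them, and all function names are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types named in the thread; an assumed block list, adjust to local policy.
BLOCKED = {".doc", ".docm", ".js", ".exe"}

def ext(name):
    """Lower-cased last extension, so 'Invoice.PDF.JS' yields '.js'."""
    name = name.strip().rstrip(".").lower()
    return name[name.rfind("."):] if "." in name else ""

def zip_hits(data):
    """Blocked names inside a ZIP; nested ZIPs are flagged, not opened."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # namelist() reads only the directory, so nothing is unpacked
            return [n for n in zf.namelist() if ext(n) in BLOCKED | {".zip"}]
    except zipfile.BadZipFile:
        return ["(unreadable archive)"]

def blocked_attachments(raw):
    """Return (attachment name, offending name) pairs for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext(name) in BLOCKED:
            found.append((name, name))
            continue
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):  # by content, not by name
            found += [(name, hit) for hit in zip_hits(data)]
    return found

def sample_message():
    """Constructed mail: a harmless text file and a ZIP holding a .JS file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.JS", "// constructed placeholder, no payload")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    for body, fname in ((b"hello", "notes.txt"), (buf.getvalue(), "scan.zip")):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(sample_message()))
```

Because the decision depends only on file names and archive structure, it behaves the same on the first day of a wave, before any signature or heuristic update has arrived.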