Sophos database updated & active, how often per day? (anomaly noticed in SECURITY log, how often should this message appear?)

havinabubble

following on from my other thread http://forums.kerio.com/t/32593//
I've noticed a pattern in the failed attempts on my server.

in my SECURITY LOG I see the following line before EVERY block of attempts:

Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.

is it possible they have figured out a weakness that involves the Sophos engine?
why does that message appear so often?



Quote:
[24/May/2017 17:52:43] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.
[24/May/2017 18:54:37] SMTP: Authentication attempt from host 47.91.140.237 denied, insecure authentication not allowed.
[24/May/2017 18:54:42] SMTP: Authentication attempt from host 47.91.140.237 denied, insecure authentication not allowed.

[25/May/2017 05:52:47] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251790/3.66.2.0) is now active.
[25/May/2017 08:53:36] IMAP: User user1ATmydomain.com doesn't exist. Attempt from IP address 81.30.195.154.
[25/May/2017 08:54:05] IMAP: User user1ATmydomain.com doesn't exist. Attempt from IP address 220.191.249.7.

[07/Apr/2017 16:40:50] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12601123/3.66.2.0) is now active.
[07/Apr/2017 17:22:40] SMTP: Authentication attempt from host 177.23.177.146 denied, insecure authentication not allowed.
[07/Apr/2017 17:22:41] SMTP: Authentication attempt from host 177.23.177.146 denied, insecure authentication not allowed.

[17/Mar/2017 09:32:23] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12598872/3.66.2.0) is now active.
[17/Mar/2017 09:33:02] HTTP/CalDav: User user2ATmydomain.com doesn't exist. Attempt from IP address 192.168.1.104.
[17/Mar/2017 09:33:05] HTTP/CalDav: User user2ATmydomain.com doesn't exist. Attempt from IP address 192.168.1.104.

[23/May/2017 23:37:03] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251592/3.66.2.0) is now active.
[23/May/2017 23:46:39] IMAP: Invalid password for user user3ATmydomain.com. Attempt from IP address 219.93.121.6.
[23/May/2017 23:47:19] IMAP: Invalid password for user user3ATmydomain.com. Attempt from IP address 106.158.109.238.

Pavel Dobry (Kerio)

Because Sophos is frequently updating the antivirus definitions to keep you protected. You can notice that the version of the definitions file is constantly updated (e.g. 13251592).

havinabubble

Pavel Dobry (Kerio) wrote on Mon, 29 May 2017 12:15
Because Sophos is frequently updating the antivirus definitions to keep you protected. You can notice that the version of the definitions file is constantly updated (e.g. 13251592).


cheers, I had noticed the number change... but my paranoia is questioning EVERYTHING it reads at the moment

if that's normal, I'll cross it off my worry list :)
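
One way to check whether failed logins really track the Sophos update message is to measure the delay between each update line and the first failed attempt after it. The script below is an added example, not part of the original posts and not Kerio code; the function names are its own, and it assumes the line format shown in the quoted SECURITY log.

```python
import re
from datetime import datetime
# Sample input: update line and first failure of each block quoted in the thread.
SAMPLE_LOG = """\
[24/May/2017 17:52:43] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.
[24/May/2017 18:54:37] SMTP: Authentication attempt from host 47.91.140.237 denied, insecure authentication not allowed.
[25/May/2017 05:52:47] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251790/3.66.2.0) is now active.
[25/May/2017 08:53:36] IMAP: User user1ATmydomain.com doesn't exist. Attempt from IP address 81.30.195.154.
[07/Apr/2017 16:40:50] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12601123/3.66.2.0) is now active.
[07/Apr/2017 17:22:40] SMTP: Authentication attempt from host 177.23.177.146 denied, insecure authentication not allowed.
[17/Mar/2017 09:32:23] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12598872/3.66.2.0) is now active.
[17/Mar/2017 09:33:02] HTTP/CalDav: User user2ATmydomain.com doesn't exist. Attempt from IP address 192.168.1.104.
[23/May/2017 23:37:03] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251592/3.66.2.0) is now active.
[23/May/2017 23:46:39] IMAP: Invalid password for user user3ATmydomain.com. Attempt from IP address 219.93.121.6.
"""

LINE_RE = re.compile(r"^\[(\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2})\] (.+)$")
UPDATE_MARK = "Sophos database has been successfully updated"
IP_RE = re.compile(r"from (?:host|IP address) (\d{1,3}(?:\.\d{1,3}){3})")

def parse(log_text):
    """Return chronologically sorted (timestamp, kind, source_ip) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        ts = datetime.strptime(m.group(1), "%d/%b/%Y %H:%M:%S")
        ip = IP_RE.search(m.group(2))
        if UPDATE_MARK in m.group(2):
            events.append((ts, "update", None))
        elif ip:
            events.append((ts, "failure", ip.group(1)))
    return sorted(events, key=lambda e: e[0])

def gaps_after_update(events):
    """Seconds from each update to the first failed login that follows it."""
    gaps, last_update = [], None
    for ts, kind, ip in events:
        if kind == "update":
            last_update = ts
        elif last_update is not None:
            gaps.append((last_update, ip, int((ts - last_update).total_seconds())))
            last_update = None  # count only the first failure per update
    return gaps

if __name__ == "__main__":
    for upd, ip, secs in gaps_after_update(parse(SAMPLE_LOG)):
        print(f"{upd:%d/%b/%Y %H:%M:%S}  first failure from {ip} after {secs} s")
```

On the quoted lines the delay ranges from 39 seconds to about three hours, so there is no fixed offset between an update and the next failed attempt. Running the same check over a full log also shows how many updates are followed by no failures at all.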