Integrated McAfee AntiVirus vs Symantec
  •  
BobH

We are evaluating Kerio Mail Server. Per a previous post, we're having trouble with the integrated McAfee updating so an alternative to consider is an external virus scanner.

We currently use Symantec Anti-Virus Corporate Ed. v9. We run this on all our servers and PCs. I have seen in Kerio's literature and in the Kerio antivirus configuration screen that Symantec is supported. From what I see, they support Symantec Antivirus Gateway (SAG) v4.0. However, I'm not clear whether this would work in our setup or not.

We currently have Kerio set up on a Windows XP Pro (SP2) PC and would like to stick with that since it works fine in our testing so far. However, reading SAG requirements, it specifies server OSes only with no mention of XP Pro.

Can anyone whose setup is similar to ours give me the benefit of your experiences? What works or doesn't work? Is it possible to configure regular Symantec Anti-Virus to scan incoming mail, or is it not possible because of the ports involved?

Thanks.
  •  
rhunter

What you want is the Scan Engine:

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=173

There is a downloadable trial version. I had tested it a while back and I think it would not install on W2K Pro, if I remember correctly. Could be wrong...

It did work on W2K server. The demo version was a somewhat dated v4.3 build and it let some MIME encapsulated versions of worms/viruses through that our Exchange/NAV Excg server then caught. I don't know if a more current build fixed this or not. The Symantec support site listed bug fixes in newer versions that addressed MIME problems.
  •  
awj4

I'm running KMS on one server (W3K) and Scan Engine on another (W3K).

My Scan Engine is version 4.3.1.20.

Sometimes I get this error in Kerio but I don't know if it is a Kerio or Symantec problem.

[05/Apr/2005 15:27:14] mail_avir.cpp: Cannot open work file d:\kerio\mailserver\store/tmp/4252922a-0000010d/avfile.tmp: (32) The process cannot access the file because it is being used by another process.

System requirements for installing Symantec AntiVirus Scan Engine 4.3
http://service1.symantec.com/SUPPORT/ent-gate.nsf/95ff82d60e46893988256c8b0079db6b/bf34a993b7f1192488256ddb007788bb?OpenDocument&prod=Symantec%20AntiVirus%20Scan%20Engine&ver=4.3%20for%20Windows&src=ent&pcode=sav_scan_eng&dtype=corp&svy=&prev=&miniver=savse_43_win

[Updated on: Wed, 06 April 2005 19:37]

  •  
peterj

Symantec Scan Engine only runs on Server o/ses (2000 or 2003)

(Does not have to run on the same box as Kerio though anyway!)

I also get the error mentioned above - hundreds of times every day. Kerio have been unable (& have now given up) trying to solve this bug.

It is also correct that many messages encapsulated in different ways or using exploits can get through SSE.

I used www.testvirus.org to check this out

However, Symantec Corporate Edition V9 client & server includes SMTP & POP3 scanning, so you could run an SMTP forwarder/proxy app (loads around for free), then you could use this as your email gateway scanning.

Plus as it is low-level protocol/traffic scanning it is much more effective.

Not sure it was intended for this but it works great!
  •  
rhunter

I got out my notes from when I tested it. The trial version was v4.3.0.15. I also had numerous messages appearing in the log that avfile.tmp could not be accessed because it was being used by another process.

The trial version missed a Netsky worm that SAV 9.0.1.1000 detected at the user desktop. The worm was W32.Netsky.P@mm!enc.

The current version of scan engine is 4.3.9. There have been a lot of fixes and changes:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/95ff82d60e46893988256c8b0079db6b/da3aa6ddb8ab830a88256e5f0076e119?OpenDocument&prod=Symantec%20AntiVirus%20Scan%20Engine&ver=4.3%20for%20Windows&src=ent&pcode=sav_scan_eng&dtype=corp&svy=&prev=&miniver=savse_43_win

I assume it doesn't update itself and you have to manually reinstall it every time they release a patched version?
  •  
peterj

I'm glad everyone else seems to get that 'avfile.tmp accessed' error message.

lol
  •  
peterj

How did you get the newer version(s) of SSE?

If I re-download from link above or fileconnect I get 4.3.0.15 still...

I gather the current version is 4.3.9

Can anyone help?
  •  
rhunter

All I ever had was the demo which was 4.3.0.15 also.

You'll have to call Symantec tech support and beg for a later version - if you have a current maintenance contract. That's how Symantec "support" works. We're using their Web Security proxy server and saw that there was a newer build listed in their revision list. We called and were told that we had to have a legitimate problem with the build we are using before they would let us download the latest build. Just having paid for a maintenance contract isn't sufficient. You're actually calling into a phone bank of sorts, so you get a different person every time. Some are more accommodating than others.

That's at the Gold support level. You can hemorrhage a LOT of money and go to the Platinum level which apparently lets you download any build you want. Which may be why they sometimes give you a hard time at the Gold level, they have to hold something out for the Platinum level.

Call them and tell them it isn't detecting some MIME encoded viruses/worms. They appear to have had numerous MIME related problems. They should let you FTP the latest version.

Take a look at NOD32. We demoed it and it looked promising. It detects a lot of trojan/bank phishing schemes that other programs seemed lost on. It's trickier to get to work with KMS as you have to have a license file to get it to scan archive files (.zip,etc.). The people at ESET will send you the license file and a 30 day username/password to get definitions. It's much lower on the complexity scale than Scan Engine also.
  •  
peterj

Thanks for the comprehensive reply.

I will call Symantec Monday.
  •  
rhunter

peterj,

If you can get a current version from Symantec, I'd like to know how it stands up against testvirus.org.

Thanks.
  •  
awj4

I have now upgraded to 4.3.9.30.

I will keep an eye on the 'avfile.tmp accessed' problem.

http://www.webmail.us/testvirus - results:

No action from Symantec on:
test 5
test 17 (no file to open in email - ok?)
test 24 (ATT_1.bin file in email - ok?)
test 25 (no file to open in email - ok?)
  •  
peterj

How did you get in touch with Symantec???

I'm finding it difficult to even get a contact no...

  •  
awj4

I'm a reseller so I have my phone numbers.

Give me your email and we can figure something out.
  •  
peterj

I'm also a reseller but have no such details.

Did you call your distributor?

peter<_at_>abacusbc.co.uk
  •  
rhunter

Enterprise tech support is (800) 927-4017 in the USA
