Question about file types being AV scanned
  •  
winkelman

Question:

In 'the old days' virus scanners would only scan executable and office file types (.exe, .com, .doc, .dot, etc.) since they were the only ones considered to be potentially infected with (macro-)viruses.

In these days of buffer overflows any file could potentially have a virus in it (or trigger code execution). For example, last year a problem with jpgs was reported, yesterday a new issue with wmf files (here), etc.

How does KWF's internal McAfee AV scanner handle this? Does it indeed scan all traffic or is it still only scanning a selected number of file types it considers dangerous (potentially leaving users vulnerable)?
  •  
feite

It scans the files you tell it to scan. See Anti virus / HTTP, FTP scanning for the settings and check that part in the help file.
  •  
winkelman

Sure, but...

Last year a jpeg vulnerability was confirmed in Microsoft products. Kerio was quick to reply with an update to KWF so that these malicious jpegs were intercepted. Was even proudly mentioned on kerio.com. Yet, I don't see jpg listed in the to-be-scanned file types. So, is that list really all there is to it? Seems not...

Moreover: wouldn't it be very prudent for Kerio to inform us? Shouldn't they have put up a big notice on the forum last week instructing us to include *.wmf in the to-be-scanned list?

Even if you say: "your own responsibility", it would be good service...
  •  
winkelman

Quote:

[23/Dec/2005 14:05:37] VIRUS charset="en" file="http://www.thebest-search.net/s_ta_ts.js" hostip="x.x.x.x" hostname="xxxxxxx" protocol="HTTP" time="Fri Dec 23 14:05:37 2005" username="xxxxxxx" virus="JS/Wonka"


Above is in my alert log. Virus was found in a *.js file, but *.js is NOT listed in the to-be-scanned files configuration. So... there really is more to it than just that list.

(Yes, I do have the "do not scan anything else" rule at the bottom of the list.)
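
One way to check the observation in the post above across a whole alert log, added here as an example that is not part of the thread or of any Kerio tooling: it parses VIRUS lines in the format quoted above and lists detections whose file name matches none of the configured scan patterns. The SCAN_PATTERNS list and the second and third sample lines are constructed assumptions; the thread does not show the actual list.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Assumption: example patterns only; the thread does not show the real scan list.
SCAN_PATTERNS = ["*.exe", "*.com", "*.doc", "*.dot", "*.zip"]

LINE_RE = re.compile(r'^\[(?P<stamp>[^\]]+)\]\s+VIRUS\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_alert(line):
    """Return the key="value" fields of a VIRUS alert line as a dict, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    fields["stamp"] = m.group("stamp")
    return fields

def filename_of(url):
    """Last path segment of the URL, lowercased, without query or fragment."""
    return urlsplit(url).path.rsplit("/", 1)[-1].lower()

def outside_scan_list(lines, patterns=SCAN_PATTERNS):
    """Return (filename, virus) for detections whose name matches no pattern."""
    hits = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or "file" not in alert:
            continue
        name = filename_of(alert["file"])
        if not any(fnmatchcase(name, p.lower()) for p in patterns):
            hits.append((name, alert.get("virus", "")))
    return hits

# First line is the one quoted in the post; the other two are constructed.
SAMPLE = [
    '[23/Dec/2005 14:05:37] VIRUS charset="en" file="http://www.thebest-search.net/s_ta_ts.js" hostip="x.x.x.x" hostname="xxxxxxx" protocol="HTTP" time="Fri Dec 23 14:05:37 2005" username="xxxxxxx" virus="JS/Wonka"',
    '[23/Dec/2005 14:07:02] VIRUS charset="en" file="http://downloads.example.test/setup.EXE?id=7" hostip="x.x.x.x" hostname="xxxxxxx" protocol="HTTP" time="Fri Dec 23 14:07:02 2005" username="xxxxxxx" virus="Constructed/Sample"',
    '[23/Dec/2005 14:09:11] constructed line that is not a VIRUS alert',
]

if __name__ == "__main__":
    for name, virus in outside_scan_list(SAMPLE):
        print(f"{name}: {virus} (file name not covered by the scan list)")
```
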
  •  
winkelman

Could anyone (from Kerio perhaps) respond? What gets AV scanned and what not is an important matter and not entirely clear...