Chapter 13
Antivirus control
172
network send their email via an SMTP server located in the Internet. Checking of outgoing
SMTP traffic is not apt for local SMTP servers sending email to the Internet.
An example of a traffic rule for checking of outgoing SMTP traffic is shown at figure
.
Figure 13.6
An example of a traffic rule for outgoing SMTP traffic check
2.
Substandard extensions of the SMTP protocol can be used in case of communication of
two
Microsoft Exchange
mailservers. Under certain conditions, email messages are trans-
mitted in form of binary data. In such a case,
WinRoute
cannot perform antivirus check of
individual attachments.
In such cases, it is recommended to use an antivirus which supports
Microsoft Exchange
and not to perform antivirus check of SMTP traffic of a particular server in
WinRoute
. To
achieve this, disable antivirus check for SMTP protocol or define a corresponding traffic
rule where no protocol inspector will be applied (see chapter
).
13.3 HTTP and FTP scanning
As for HTTP and FTP traffic, objects (files) of selected types are scanned.
The file just transmitted is saved in a temporary file on the local disk of the firewall.
WinRoute
caches the last part of the transmitted file (segment of the data transferred) and performs
an antivirus scan of the temporary file. If a virus is detected in the file, the last segment of
the data is dropped. This means that the client receives an incomplete (damaged) file which
cannot be executed so that the virus cannot be activated. If no virus is found,
WinRoute
sends
the client the rest of the file and the transmission is completed successfully.
Optionally, a warning message informing about a virus detected can be sent to the user who
tried to download the file (see the
Notify user by email
option).
Warning
1.
The purpose of the antivirus check is only to detect infected files, it is not possible to heal
them!
2.
If the antivirus check is disabled in HTTP and FTP filtering rules, objects and files matching
corresponding rules are not checked. For details, refer to chapters
and
).
3.
Full functionality of HTTP scanning is not guaranteed if any non-standard extensions to
web browsers (e.g. download managers, accelerators, etc.) are used!
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Page 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Page 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Page 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Page 368: ...368...