Antivirus protection in Kerio Connect 9.2.1 and earlier


For Kerio Connect 9.2.2 and newer, see Antivirus protection in Kerio Connect .

Kerio Connect can protect against malicious emails with viruses. Viruses may infect your computer and cause harm to your files or to your computer system.

Kerio Connect's internal Sophos antivirus engine protects all email from these harmful viruses.


Sophos antivirus is an optional component and is not available for unregistered trial versions. See Licenses in Kerio Connect.

Configuring Sophos in Kerio Connect

  1. In the administration interface, go to the Configuration > Content Filter > Antivirus section.
  2. Select the option Use the integrated Sophos antivirus engine.
  3. To update the virus database automatically, select Check for update every [hours]. Kerio Connect downloads the database files via the HTTPHypertext Transfer Protocol - A protocol for exchange of hypertext documents in HTML. protocol. Provide a persistent connection and allow the communication on your firewall or proxy server.
  4. New in Kerio Connect 8.4.2: To allow Kerio Connect to contact Sophos servers for the antivirus check, select Enable Sophos Live Protection. This option ensures that the Kerio Connect performs the antivirus check against an always up-to-date cloud database before it downloads the database with the regular update.Note that Kerio Connect sends only a one-way hash of the attachments to the Sophos servers.
  5. Select the action for messages that contain a virus. Kerio Connect can:
  • Discard the message
  • Deliver the message with the malicious code removed
  1. In addition, you can select from two options for forwarding messages:
  • Forward the original message to an administrator address
  • Forward the filtered message to an administrator address
  1. For any message that Sophos cannot scan, Kerio Connect Kerio Connect can do one of the following:
  • Deliver the original message with a warning prefixed
  • Reject the message as if it was a virus
  1. Click Apply.


Configuring the HTTP proxy server

If the computer with Kerio Connect is behind a firewall, you can use a proxy server to check for virus database updates.

  1. Go to Configuration > Advanced Options > HTTP Proxy.
  2. Select the option Use HTTP proxy for antivirus updates,...
  3. Type the address and port of the proxy server.
  4. If the proxy server requires authentications, select Proxy server requires authentication.
  5. Type the user name and password.
  6. Click Apply.

Go to Configuration > Content Filter > Antivirus and click Update Now to check the connection.

External antivirus

Kerio Technologies issued an Antivirus SDK for Kerio Connect and Kerio Control. The Antivirus SDK includes a public API that you can use to write plugins for third-party antivirus solutions.

Read Using external antivirus with Kerio products and this Kerio Blog post for detailed information.

Filtering message attachments

For information on scanning message attachments, read Filtering message attachments in Kerio Connect.


To view the statistics for Kerio Connect antivirus control, go to Status > Statistics. This section displays the number of messages checked, viruses detected, and prohibited attachments.


You can also consult the following logs:

  • Security — For information about virus database updates.
  • Debug — Right-click the Debug log area and enable Messages > Antivirus Checking


If the time from the last update is several times greater than the interval set, update the database manually and check the Error and Security logs.