Configuring antivirus protection
Kerio Control provides integrated Kerio Antivirus, powered by the Bitdefender antivirus engine, which checks objects (files) transmitted by the HTTP, FTP, SMTP and POP3 protocols.
For the HTTP and FTP protocols, the firewall administrator can specify which types of objects are scanned.
NOTE
Use of Kerio Antivirus requires a special license.
Conditions and limitations of antivirus scan
Antivirus check of objects transferred by a particular protocol can be applied only to traffic where a corresponding protocol inspector which supports the antivirus is used. This implies that the antivirus check is limited by the following factors:
- Antivirus check cannot be used if the traffic is transferred by a secured channel (SSL/TLS). In such a case, it is not possible to decipher traffic and separate transferred objects.
- Within email antivirus scanning, the firewall only removes infected attachments - it is not possible to drop entire email messages. For the SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network). Checking outgoing traffic causes problems with temporarily undeliverable email.
- If a non-standard port is used for the traffic, the corresponding protocol inspector will not be applied automatically. In that case, define a service which will allow this traffic using a protocol inspector.
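The limits listed above can be checked against connection records to see which traffic passes the firewall unscanned. The following Python is an added example, not Kerio code: the `Flow` record, the `scan_gap` and `audit` helpers and the sample flows are constructed for illustration, and it assumes the protocol inspectors are applied automatically only on the IANA default ports (80, 21, 25, 110).

```python
from dataclasses import dataclass

# Assumption: inspectors attach automatically only on the IANA default ports.
STANDARD_PORTS = {"HTTP": 80, "FTP": 21, "SMTP": 25, "POP3": 110}

@dataclass
class Flow:
    proto: str                    # application protocol actually spoken
    port: int                     # destination port
    tls: bool                     # carried inside SSL/TLS
    inbound: bool                 # Internet -> local network
    custom_service: bool = False  # admin defined a service using an inspector

def scan_gap(flow, smtp_enabled=False):
    """Return None if the flow can be scanned, else the reason it cannot."""
    if flow.proto not in STANDARD_PORTS:
        return "no antivirus-capable protocol inspector"
    if flow.tls:
        return "SSL/TLS channel: transferred objects cannot be separated"
    if flow.port != STANDARD_PORTS[flow.proto] and not flow.custom_service:
        return "non-standard port: inspector not applied automatically"
    if flow.proto == "SMTP":
        if not smtp_enabled:
            return "SMTP scanning disabled (default)"
        if not flow.inbound:
            return "outgoing SMTP is not checked"
    return None

def audit(flows, smtp_enabled=False):
    """List (flow, reason) for every flow that bypasses the antivirus check."""
    return [(f, r) for f in flows if (r := scan_gap(f, smtp_enabled))]

# Constructed sample flows, not taken from a real log.
SAMPLE = [
    Flow("HTTP", 80, False, False),
    Flow("HTTP", 443, True, False),
    Flow("HTTP", 8080, False, False),
    Flow("HTTP", 8080, False, False, custom_service=True),
    Flow("SMTP", 25, False, True),
    Flow("SMTP", 25, False, False),
    Flow("POP3", 995, True, False),
    Flow("IMAP", 143, False, False),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE, smtp_enabled=True):
        print(f"{flow.proto}:{flow.port} -> {reason}")
```

Flows reported here need another control, such as endpoint antivirus, because the gateway scan never sees their content.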
If you set a strict content filtering policy, ensure that Kerio Antivirus can reach the following URLs:
- bdupdate.kerio.com
- bdupdate-cdn.kerio.com
For details about creating content rules, see Configuring the Content Filter.
Configuring antivirus protection
- In the administration interface, go to Antivirus.
- On the Kerio Antivirus tab, select the Use Kerio Antivirus option. This option is available if the license key for Kerio Control includes a license for the Kerio Antivirus module or in trial versions.
- Select the Check for update every ... hours option. If any new update is available, it is downloaded automatically.
NOTE
If the update attempt fails, detailed information is logged into the Error log.
- Check protocols HTTP, FTP and POP3 in the Protocols section. For advanced options, go to the following tabs:
- HTTP, FTP Scanning - see article Configuring HTTP and FTP scanning
- Email Scanning - see article Configuring email scanning
- SMTP scanning is disabled by default. You can enable it for inbound connections. However, if you use Kerio Connect with greylisting, do not enable SMTP scanning.
- In Settings, you can set the maximum size of files to be scanned for viruses at the firewall. Scanning large files is demanding on time, the processor and free disk space, which might affect the firewall's functionality. The connection over which the file is transferred might be interrupted when the time limit is exceeded.
WARNING
We strongly discourage administrators from changing the default value for the file size limit. In any case, do not set the value to more than 4 MB.
- Click Apply.