Kerio Tech Firewall6 Network Router User Manual


 
Chapter 11 Antivirus control
170
type must be added to the end of the list (the Skip all other files rule is predefined for
this purpose).
11.4 Email scanning
SMTP and POP3 protocols scanning settings are defined through this tab. If scanning is
enabled for at least one of these protocols, all attachments of transmitted messages are
scanned.
Individual attachments of transmitted messages are saved in a temporary directory on
the local disk. When downloaded completely, the files are scanned for viruses. If no
virus is found, the attachment is added to the message again. If a virus is detected, the
attachment is replaced by a notice informing about the virus found.
Note: Warning messages can also be sent to specified email addresses (e.g. to network
administrators) when a virus is detected. For details, refer to chapter
17.3.
Warning:
1. Antivirus control within WinRoute can only detect and block infected attachments.
Attached files cannot be healed by this control!
2. Within antivirus scanning, it is possible to remove only infected attachments, entire
email messages cannot be dropped. This is caused by the fact that the firewall
cannot handle email messages like mailservers do. It only maintains network traffic
coming through. In most cases, removal of an entire message would lead to a failure
in communication with the server and the client might attempt to send/download
the message once again. Thus, one infected message might block sending/reception
of any other (legal) mail.
3. In case of SMTP protocol, only incoming traffic is checked (i.e. traffic from the In-
ternet to the local network incoming email at the local SMTP server). Checks
of outgoing SMTP traffic (i.e. from the local network to the Internet) might cause
problems with temporarily undeliverable email (for example in cases where the des-
tination SMTP server uses so called greylisting).
To check also outgoing traffic (e.g. when local clients connect to an SMTP server
without the local network), define a corresponding traffic rule using the SMTP pro-
tocol inspector. For details, see chapter
11.2.
Advanced parameters and actions that will be taken when a virus is detected can be set
in the Email scanning tab.