Email scanning, 4 email scanning – Kerio Tech Firewall6 User Manual
Page 185
13.4 Email scanning
185
Action
Settings in this section define whether or not the object will be scanned.
If the Do not scan alternative is selected, antivirus control will not apply to transmission
of this object.
The new rule will be added after the rule which had been selected before Add was clicked. You
can use the arrow buttons on the right to move the rule within the list.
Checking the box next to the rule can be used to disable the rule. Rules can be disabled
temporarily so that it is not necessary to remove rules and create identical ones later.
Note: If the object does not match with any rule, it will be scanned automatically. If only
selected object types are to be scanned, a rule disabling scanning of any URL or MIME type
must be added to the end of the list (the Skip all other files rule is predefined for this purpose).
13.4 Email scanning
SMTP and POP3 protocols scanning settings are defined through this tab. If scanning is enabled
for at least one of these protocols, all attachments of transmitted messages are scanned.
Individual attachments of transmitted messages are saved in a temporary directory on the
local disk. When downloaded completely, the files are scanned for viruses. If no virus is
found, the attachment is added to the message again. If a virus is detected, the attachment is
replaced by a notice informing about the virus found.
Note: Warning messages can also be sent to specified email addresses (e.g. to network admin-
istrators) when a virus is detected. For details, refer to chapter
Warning
1.
Antivirus control within WinRoute can only detect and block infected attachments. At-
tached files cannot be healed by this control!
2.
Within antivirus scanning, it is possible to remove only infected attachments, entire email
messages cannot be dropped. This is caused by the fact that the firewall cannot handle
email messages like mailservers do. It only maintains network traffic coming through. In
most cases, removal of an entire message would lead to a failure in communication with
the server and the client might attempt to send/download the message once again. Thus,
one infected message might block sending/reception of any other (legitimate) mail.
3.
In case of SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to
the local network — incoming email at the local SMTP server). Checks of outgoing SMTP
traffic (i.e. from the local network to the Internet) might cause problems with temporarily
undeliverable email (for example in cases where the destination SMTP server uses so called
greylisting).
To check also outgoing traffic (e.g. when local clients connect to an SMTP server without
the local network), define a corresponding traffic rule using the SMTP protocol inspector.
For details, see chapter