Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 178
Chapter 13
Antivirus control
178
•
Enable TLS. This alternative is suitable for such cases where protection from wiretap-
ping is prior to antivirus check of email.
Hint
In such cases, it is recommended to install an antivirus engine at individual hosts that
would perform local antivirus check.
•
Disable TLS. Secure mode will not be available. Clients will automatically assume
that the server does not support TLS and messages will be transmitted through an
unencrypted connection. Firewall will perform antivirus check for all transmitted mail.
The If an attachment cannot be scanned section defines actions to be taken if one or multi-
ple files attached to a message cannot be scanned for any reason (e.g. password-protected
archives, damaged files, etc.):
•
Reject the attachment — WinRoute reacts in the same way as when a virus was detected
(including all the actions described above).
•
Allow delivery of the attachment — WinRoute behaves as if password-protected or
damaged files were not infected.
Generally, this option is not secure. However, it can be helpful for example when
users attempt to transmit big volume of compressed password-protected files (typi-
cally password-protected archives) and the antivirus is installed on the workstations.
13.5 Scanning of files transferred via Clientless SSL-VPN (Windows)
If WinRoute is installed on Windows, the antivirus check is performed also for transfers of files
between the local network and a remote client via Clientless SSL-VPN (see chapter
). The
SSL-VPN Scanningtab allows to set advanced parameters for scanning of files transferred via
this interface. For the Kerio WinRoute Firewall Software Appliance / VMware Virtual Appliance
administration, the SSL-VPN Scanning tab is not available.
Figure 13.10
Settings for scanning of files transferred via Clientless SSL-VPN