Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Antivirus control Warning: 1. The purpose of the antivirus check is only to detect infected files, it is not possible to heal them! 2. If the antivirus check is disabled in HTTP and FTP filtering rules, objects and files matching corresponding rules are not checked. For details, refer to chapters 13.2 and 13.5). 3. Full functionality of HTTP scanning is not guaranteed if any non-standard extensions to web browsers (e.g. download managers, accelerators, etc.) are used! To set parameters of HTTP and FTP antivirus check, open the HTTP, FTP scanning tab in Configuration → Content Filtering → Antivirus. Figure 14.7 Settings for HTTP and FTP scanning 196
14.3 HTTP and FTP scanning Use the If a virus is found... entry to specify actions to be taken whenever a virus is detected in a transmitted file: • Move the file to quarantine — the file will be saved in a special directory on the Kerio Control host. Kerio Control administrators can later try to heal the file using an antivirus program and if the file is recovered successfully, the administrator can provide it to the user who attempted to download it. The quarantine subdirectory under the Kerio Control directory is used for the quarantine (the typical path is C:\Program Files\Kerio\WinRoute Firewall\quarantine) Infected files (files which are suspected of being infected) are saved into this directory with names which are generated automatically. Name of each file includes information about protocol, date, time and connection number used for the transmission. Warning: When handling files in the quarantine directory, please consider carefully each action you take, otherwise a virus might be activated and the Kerio Control host could be attacked by the virus! • Alert the client — Kerio Control alerts the user who attempted to download the file by an email message warning that a virus was detected and download was stopped for security reasons. Kerio Control sends alert messages under the following circumstances: The user is authenticated and connected to the firewall, a valid email address is set in a corresponding user account (see chapter 16.1) and the SMTP server used for mail sending is configured correctly (refer to chapter 18.3). Note: Regardless of the fact whether the Alert the client option is used, alerts can be sent to specified addresses (e.g. addresses of network administrators) whenever a virus is detected. For details, refer to chapter 19.4. In the If the transferred file cannot be scanned section, actions to be taken when the antivirus check cannot be applied to a file (e.g. the file is compressed and password-protected, damaged, etc.): • Deny transmission of the file — Kerio Control will consider these files as infected and deny their transmission. Hint: It is recommended to combine this option with the Move the file to quarantine function — the firewall administrator can extract the file and perform manual antivirus check in response to user requests. 197
- Page 145 and 146: 9.4 Proxy server Proxy Server Confi
- Page 147 and 148: 9.5 HTTP cache Note: The configurat
- Page 149 and 150: 9.5 HTTP cache other objects can be
- Page 151 and 152: 9.5 HTTP cache TTL TTL of objects m
- Page 153 and 154: Chapter 10 Bandwidth Limiter The ma
- Page 155 and 156: 10.2 Bandwidth Limiter configuratio
- Page 157 and 158: 10.2 Bandwidth Limiter configuratio
- Page 159 and 160: 10.3 Detection of connections with
- Page 161 and 162: 11.1 Firewall User Authentication T
- Page 163 and 164: 11.1 Firewall User Authentication a
- Page 165 and 166: 12.1 Web interface and certificate
- Page 167 and 168: 12.2 User authentication at the web
- Page 169 and 170: Chapter 13 HTTP and FTP filtering K
- Page 171 and 172: 13.2 URL Rules Rules in this sectio
- Page 173 and 174: 13.2 URL Rules for example a rule a
- Page 175 and 176: 13.2 URL Rules • A page informing
- Page 177 and 178: 13.3 Content Rating System (Kerio W
- Page 179 and 180: 13.3 Content Rating System (Kerio W
- Page 181 and 182: 13.4 Web content filtering by word
- Page 183 and 184: 13.4 Web content filtering by word
- Page 185 and 186: 13.5 FTP Policy Weight Word weight
- Page 187 and 188: 13.5 FTP Policy Open the General ta
- Page 189 and 190: 13.5 FTP Policy Scan content for vi
- Page 191 and 192: 14.2 How to choose and setup antivi
- Page 193 and 194: 14.2 How to choose and setup antivi
- Page 195: 14.3 HTTP and FTP scanning Warning:
- Page 199 and 200: 14.4 Email scanning If only an aste
- Page 201 and 202: 14.4 Email scanning Figure 14.9 Set
- Page 203 and 204: 14.5 Scanning of files transferred
- Page 205 and 206: 15.2 Time Ranges Figure 15.2 IP gro
- Page 207 and 208: 15.3 Services Figure 15.4 Time rang
- Page 209 and 210: 15.3 Services Protocol The communic
- Page 211 and 212: 15.4 URL Groups Note: 1. Generally,
- Page 213 and 214: 15.4 URL Groups Examples:: • www.
- Page 215 and 216: 16.1 Viewing and definitions of use
- Page 217 and 218: 16.2 Local user accounts Accounts m
- Page 219 and 220: 16.2 Local user accounts Name Usern
- Page 221 and 222: 16.2 Local user accounts Step 3 —
- Page 223 and 224: 16.2 Local user accounts Figure 16.
- Page 225 and 226: 16.2 Local user accounts Within thi
- Page 227 and 228: 16.3 Local user database: external
- Page 229 and 230: 16.4 User accounts in Active Direct
- Page 231 and 232: 16.4 User accounts in Active Direct
- Page 233 and 234: 16.4 User accounts in Active Direct
- Page 235 and 236: 16.5 User groups Note: In case of u
- Page 237 and 238: 16.5 User groups Using the Add and
- Page 239 and 240: Chapter 17 Administrative settings
- Page 241 and 242: 17.3 Update Checking Figure 17.2 Tr
- Page 243 and 244: 17.3 Update Checking Last update ch
- Page 245 and 246: 18.1 Routing table Route Types The
14.3 HTTP and FTP scanning<br />
Use the If a virus is found... entry to specify actions to be taken whenever a virus is detected<br />
in a transmitted file:<br />
• Move the file to quarantine — the file will be saved in a special directory on the<br />
<strong>Kerio</strong> Control host. <strong>Kerio</strong> Control administrators can later try to heal the file using<br />
an antivirus program and if the file is recovered successfully, the administrator can<br />
provide it to the user who attempted to download it.<br />
The quarantine subdirectory under the <strong>Kerio</strong> Control directory is used for the<br />
quarantine<br />
(the typical path is C:\Program Files\<strong>Kerio</strong>\WinRoute Firewall\quarantine)<br />
Infected files (files which are suspected of being infected) are saved into this directory<br />
with names which are generated automatically. Name of each file includes information<br />
about protocol, date, time and connection number used for the transmission.<br />
Warning:<br />
When handling files in the quarantine directory, please consider<br />
carefully each action you take, otherwise a virus might be activated and<br />
the <strong>Kerio</strong> Control host could be attacked by the virus!<br />
• Alert the client — <strong>Kerio</strong> Control alerts the user who attempted to download the file by<br />
an email message warning that a virus was detected and download was stopped for<br />
security reasons.<br />
<strong>Kerio</strong> Control sends alert messages under the following circumstances: The user<br />
is authenticated and connected to the firewall, a valid email address is set in<br />
a corresponding user account (see chapter 16.1) and the SMTP server used for mail<br />
sending is configured correctly (refer to chapter 18.3).<br />
Note: Regardless of the fact whether the Alert the client option is used, alerts can<br />
be sent to specified addresses (e.g. addresses of network administrators) whenever<br />
a virus is detected. For details, refer to chapter 19.4.<br />
In the If the transferred file cannot be scanned section, actions to be taken when the antivirus<br />
check cannot be applied to a file (e.g. the file is compressed and password-protected, damaged,<br />
etc.):<br />
• Deny transmission of the file — <strong>Kerio</strong> Control will consider these files as infected and<br />
deny their transmission.<br />
Hint:<br />
It is recommended to combine this option with the Move the file to quarantine<br />
function — the firewall administrator can extract the file and<br />
perform manual antivirus check in response to user requests.<br />
197