Chapter 14  Antivirus Control of Email And Attachment Filtering

Table of Contents

14.1  Integrated McAfee Anti-Virus
14.2  Choosing an external module for an antivirus program
14.3  Examples of configuration of external antivirus modules
14.4  Server responses to detection of a virus or a damaged/encrypted attachment
14.5  Filtering Email Attachments
14.6  Antivirus control statistics

In Kerio MailServer, you can check all incoming emails for viruses. The control can be performed by using two combinable methods. For this purpose, you can use either the internal McAfee antivirus, or any of the external supported antiviruses.

Immediately after the installation of Kerio MailServer, the internal McAfee antivirus is started. It is possible to support it by enabling any other of the supported external antivirus applications. Both antivirus programs can run concurrently. This provides for reliable protection of your local network, since the virus databases updates will be performed faster (one of the antiviruses can react to a new virus occurrence a couple of hours sooner than the other). The update speed is a key element of the protection against new viruses.

Both antiviruses can be also switched off, but it is not recommended, because users are not protected against infected emails.

Kerio MailServer checks (independently of the antivirus) JPEG attachments for corruption and presence of GDI+ exploit (a malicious code, usually with a virus, that can run the exploit upon system breakdown). All messages with such attachment will be deleted automatically.

Antivirus

Figure 14.1. Antivirus


Besides cooperation with an antivirus program, Kerio MailServer allows you to filter certain file types from email attachments (using file extension or MIME type), regardless of whether they are infected by a virus or not. To specify these options, go to the Configuration → Attachment filtering section.