Email scanning

SMTP and POP3 protocols scanning settings are defined through this tab. If scanning is enabled for at least one of these protocols, all attachments of transmitted messages are scanned by default.

Warning: Antivirus control within WinRoute can detect and block infected attachments. Attached files cannot be healed by this control!

Advanced parameters and actions that will be taken when a virus is detected can be set in the Email scanning tab.

In the Specify an action which will be taken with attachments... section, the following actions can be set for messages considered by the antivirus as infected:

  • Forward unmodified messages to email address untrustworthy messages will be, unchanged, forwarded to a specified email address (usually to the network administrator). The recipient can then try to heal infected files and later send them to their original addresses.

    Note: For email sending, SMTP Relay Server must be set in WinRoute see chapter SMTP Relay.

  • Move message to quarantine untrustworthy messages will be moved to a special directory on the WinRoute host. The WinRoute administrator can try to heal infected files and later send them to their original addressees.

    For the quarantine, the special quarantine subdirectory under the WinRoute directory is used

    (C:\Program Files\Kerio\WinRoute Firewall\quarantine by default). Messages with untrustworthy attachments are saved to this directory under names which are generated automatically by WinRoute. Each filename includes information about protocol, date, time and the connection number used for transmission of the message.

Note: Regardless of what action is set to be taken, the attachment is always removed and a warning message is attached instead.

Use the TLS connections section to set firewall behavior for cases where both mail client and the server support TLS-secured SMTP traffic.

In case that TLS protocol is used, encrypted connection is established first. Then, client and server agree on switching to the secure mode (encrypted connection). If the client or the server does not support TLS, encrypted connection is not used and the traffic is performed in a non-secured way.

If the connection is encrypted, firewall can analyze it and perform antivirus check for transmitted messages. WinRoute administrator can select one of the following alternatives:

  • Enable TLS. This alternative is suitable for such cases where protection from wiretapping is prior to antivirus check of email.

    TIP: In such cases, it is recommended to install an antivirus engine at individual hosts that would perform local antivirus check.

  • Disable TLS. Secure mode will not be available. Clients will automatically assume that the server does not support TLS and messages will be transmitted through an unencrypted connection. Firewall will perform antivirus check for all transmitted mail.

The If an attachment cannot be scanned section defines actions to be taken if one or multiple files attached to a message cannot be scanned for any reason (e.g. password-protected archives, damaged files, etc.):

  • Reject the attachment WinRoute reacts in the same way as when a virus was detected (including all the actions described above).

  • Allow delivery of the attachment WinRoute behaves as if password-protected or damaged files were not infected.

    Note: Generally, this option is not secure. However, it can be helpful for example when users attempt to transmit big volume of compressed password-protected files and the antivirus is installed on the workstations.

Additional Links

Search

Support

Documentation

Authorization

 
Forgot your password?
Register

Subscribe

Subscribe to company news