Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Antivirus
  3. Articles

Configuring Antivirus Protection in Kerio Control

Overview

Kerio Control provides an integrated Kerio Antivirus powered by the Bitdefender antivirus engine, which checks objects (files) transmitted by HTTP, FTP, SMTP, and POP3 protocols. In the case of HTTP and FTP protocols, the firewall administrator can specify which types of objects are scanned.

The usage of Kerio Antivirus requires a special license.

Prerequisites

Conditions and Limitations of Antivirus Scan

The antivirus check of objects transferred by a particular protocol can be applied only to traffic where a corresponding protocol inspector which supports the antivirus is used. This implies that the antivirus check is limited by the following factors:

  1. An antivirus check cannot be used if the traffic is transferred by a secured channel (SSL/TLS). In such a case, it is not possible to decipher traffic and separate transferred objects.
  2. Within email antivirus scanning, the firewall only removes infected attachments - it is not possible to drop the entire email messages. In the case of the SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network). The check of outgoing traffic causes problems with temporarily undeliverable emails.
  3. If a substandard port is used for the traffic, the corresponding protocol inspector will not be applied automatically. In that case, define a service that will allow this traffic using a protocol inspector.

If you set a strict content filtering policy, ensure that Kerio Antivirus can reach the following URLs:

  1. bdupdate.kerio.com
  2. bdupdate-cdn.kerio.com

Solution

  1. In the administration interface, go to Antivirus.
  2. On tab Kerio Antivirus select option Use Kerio Antivirus. This option is available if the license key for Kerio Control includes a license for the Kerio Antivirus module or in trial versions.
  3. Select option Check for the update every ... hours. If any new update is available, it is downloaded automatically. If the update attempt fails, detailed information is logged into the Error log
    control_antivirus.png                   
    Note: If the update attempt fails, detailed information is logged into the Error log.
  4. Once the Update Now button is clicked, the new Virus database definitions are being downloaded automatically.
    control_antivirus2.png
  5. Check protocols HTTP, FTP, and POP3 in the Protocols section. For advanced options, go to the following tabs:
    1. HTTP, FTP Scanning.
    2. Email Scanning.
  6. SMTP scanning is disabled by default. You can enable it for inbound connections. However, if you use Kerio Connect with greylisting, do not enable SMTP scanning.
  7. In Settings, the maximum size of files to be scanned for viruses at the firewall can be set. Scanning of large files is demanding for time, the processor, and free disk space, which might affect the firewall's functionality. It might happen that the connection over which the file is transferred is interrupted when the time limit is exceeded.
    WARNING: We strongly discourage administrators from changing the default value for a file size limit. In any case, do not set the value to more than 4 MB.
  8. Click Apply.

Confirmation

Kerio Control has configured antivirus protection successfully. 

Related Articles

Configuring email scanning in Kerio Control

Configuring HTTP and FTP scanning in Kerio Control

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments