Chapter 5. Virus Check

Dr.Web for Kerio WinRoute detects the following malicious objects:

Infected attachments in e-mails and infected objects transmitted via HTTP and FTP protocols or using the web-service Kerio Clientless SSL VPN, including:
Infected archives
Bomb viruses in files or archives
Adware
Hacktools
Dialer programs
Joke programs
Riskware

You can specify the protocols that would be  scanned  for  viruses  by Dr.Web for Kerio WinRoute and set up the anti-virus options determining the types of detected malicious objects.

Dr.Web for Kerio WinRoute uses different detection methods and scans the traffic transferred via selected protocols. In case a virus is detected by Dr.Web for Kerio WinRoute it is processed according to the settings of Kerio WinRoute Firewall/Kerio Control (see Table 8) that are specified on the tabs of the Configuration -> Content Filtering -> Antivirus section in administration console for Kerio firewall.

Table 8. Settings of traffic scanning and actions applied to detected malware.

Tab

Description

HTTP, FTP scanning

If a virus is detected in traffic going through HTTP and FTP protocols, its transmission is denied and the firewall performs the actions specified on this tab by administrator. Using this tab administrator can also specify the actions of firewall in case the transferred file cannot be checked for viruses and the scanning rules determining which types of objects would be checked by Dr.Web for Kerio WinRoute.

Email scanning

On this tab the settings of anti-virus check of SMTP and POP3 protocols can be specified as well as the actions in case a virus is detected in the attached files or anti-virus check fails (due to corruption or encryption of the file).

SSL-VPN scanning

This tab allows to set up the scanning of the files transferred via the Kerio Clientless SSL VPN web-service. You can enable scanning for the uploaded and/or downloaded files and specify the actions in case the transferred file cannot be checked for viruses.

In case Dr.Web for Kerio WinRoute detects a virus or other malware, the administrator can de notified about it by e-mail or SMS. Besides, information on all detected malicious objects is accumulated in alert log of Kerio WinRoute Firewall/Kerio Control.

For detailed information on scanning of different types of traffic and sending notifications see the Administrator's Guide of Kerio WinRoute Firewall/Kerio Control available on the Kerio official web site at http://www.kerio.com/supp_kwf_manual.html.