Overview

Kerio Control provides an integrated Kerio Antivirus powered by the Bitdefender antivirus engine, which checks objects (files) transmitted by HTTP, FTP, SMTP, and POP3 protocols. In the case of HTTP and FTP protocols, the firewall administrator can specify which types of objects are scanned.

The usage of Kerio Antivirus requires a special license.

Important: 3rd-party Antivirus integrations like DrWeb, ESET, Kaspersky are not supported.

Prerequisites

If you set a strict content filtering policy, ensure that Kerio Antivirus can reach the following URLs:

1. bdupdate.kerio.com
2. bdupdate-cdn.kerio.com

Diagnosis

The antivirus check of objects transferred by a particular protocol can be applied only to traffic where a corresponding protocol inspector which supports the antivirus is used. This implies that the antivirus check is limited by the following factors:

1. An antivirus check cannot be used if the traffic is transferred by a secured channel (SSL/TLS). In such a case, it is not possible to decipher traffic and separate transferred objects.
2. Within email antivirus scanning, the firewall only removes infected attachments - it is not possible to drop the entire email messages. In the case of the SMTP protocol, only incoming traffic is checked (i.e. traffic from the Internet to the local network). The check of outgoing traffic causes problems with temporarily undeliverable emails.
3. If a substandard port is used for the traffic, the corresponding protocol inspector will not be applied automatically. In that case, define a service that will allow this traffic using a protocol inspector.

Solution

1. In the administration interface, go to Antivirus.
2. On tab Kerio Antivirus select option Use Kerio Antivirus. This option is available if the license key for Kerio Control includes a license for the Kerio Antivirus module or in trial versions.
3. Select option Check for the update every ... hours. If any new update is available, it is downloaded automatically. If the update attempt fails, detailed information is logged into the Error log. 
                    
   Note: If the update attempt fails, detailed information is logged into the Error log.
4. Once the Update Now button is clicked, the new Virus database definitions are being downloaded automatically.
   
5. Check protocols HTTP, FTP, and POP3 in the Protocols section. For advanced options, go to the following tabs:
   1. HTTP, FTP Scanning.
   2. Email Scanning.
6. SMTP scanning is disabled by default. You can enable it for inbound connections. However, if you use Kerio Connect with greylisting, do not enable SMTP scanning.
7. In Settings, the maximum size of files to be scanned for viruses at the firewall can be set. Scanning of large files is demanding for time, the processor, and free disk space, which might affect the firewall's functionality. It might happen that the connection over which the file is transferred is interrupted when the time limit is exceeded.
   WARNING: We strongly discourage administrators from changing the default value for a file size limit. In any case, do not set the value to more than 4 MB.
8. Click Apply.

Confirmation

Kerio Control Antivirus protection is enabled and running with an updated thread database definitions.

Related Articles

Configuring email scanning in Kerio Control

Configuring HTTP and FTP scanning in Kerio Control