SMTP and Encrypted .ZIP Attachments

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

SMTP and Encrypted .ZIP Attachments

Postby alyork » Jan 24 09 6:56 pm

We send out client info in encrypted .ZIP files attached to emails.

However, Kaspersky blocks this email. So we go into Gatekeeper, turn off Kaspersky in SMTP, send the email and then turn Kaspersky back on again. This seems a bit silly to me. I looked for some place in SMTP to see if I could tell it not to pass .ZIP files to Kaspersky and I looked in Kaspersky to see f I could remove .zip files from being scanned from outgoing email for specific computers.

I didn't see any such facility. Maybe I just missed it. Can anyone help.

- Al

"An unknown error has occurred. Subject 'Fw: Updated notes', Account: 'xxl@xxx.xx', Server: 'mail.telus.net', Protocol: SMTP, Server Response: '550 Content blocked. Kaspersky AntiVirus 2.0 for WinGate blocked . The file could not be scanned', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69"
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: SMTP and Encrypted .ZIP Attachments

Postby saubrey » Jan 27 09 4:38 am

I don't know how to configure AV to skip ZIP files, but you can configure AV to "pass thru" (e.g. ignore) files that it gets an error when attempting to scan. In your case, it seems that AV is getting an error when attempting to scan the ZIP and the default for AV is to block files it can not scan, which is why it is blocked. A work around for this is to setup Custom scanning rules in the AV plug-in for Wingate. In the Wingate AV plug-in choose Custom for scanning rules, then you can configure what AV should do for different situations like what to do when it gets an error scanning a file. You can configure "pass thru" for scanning errors and then AV will not block files it gets an error scanning...instead it will ignore them.
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Re: SMTP and Encrypted .ZIP Attachments

Postby alyork » Feb 02 09 3:41 pm

Tried saubrey's suggestion and yes it does work. However its dangerous as there is no way to state if the traffic is outgoing or incoming, http, pop3 or smtp.

I think that the Kaspersky plugin needs a whole lot of work to resolve the issues with file transfers, statistics on what it does, and make it more configurable. There is too much being taken on faith and we have had considerable experience with toxic email attachments and files transfers getting through either unchecked or incorrectly flagged as safe.
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: SMTP and Encrypted .ZIP Attachments

Postby adrien » Feb 05 09 11:40 am

We are basically re-writing the Kaspersky AV plugin from scratch for WinGate 7.

There's still a chance to have a say in what features you'd like.

The new plugin will be using different interfaces for HTTP and mail, so will be able to behave differently. If you've seen the WinGate 7 preview, then you might understand what I mean when I say we plan to make control of the module accessible to policy. What this means is that the user will be able to

a) specify whether to scan or not
b) specify scan result actions

based on policy, which allows you to base these decisions above on any available parameter in the system, including

1. request details
2. user details
3. time of day
4. etc etc etc.

Combining these 2 sets of things allows you to do things like specify not to scan for a certain user, or a certain group of users, or site, or whatever and whenever.

And scan results can result in additional actions, such as notifications, logs, performing additional tasks as well as the overall result of passing or blocking the file.

If you have any things you'd like to see in there, please let us know!

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 2 guests