winriver

  1. I believe I've got the solution. In the manual for KAV 5.0 for Fileservers, Appendix B - Command Line Return Codes (summarized):

     | Code | Description |
     |------|-------------|
     | 101 | Not all the infected or suspicious objects have been removed |
     | 102 | All infected objects have been cured |
     | 103 | All variations of infected and suspicious objects have been relocated to quarantine |
     | 104 | All infected and suspicious objects have been deleted |
     | 105 | Infected objects have been detected |
     | 106 | Variations of infected objects have been detected |
     | 107 | Suspicious objects have been detected |
     | 108 | Not all the objects have been processed |

     I plugged in 101 I believe, as our filter checks for whatever number or greater, since it doesn't matter to me what was done with the file from KAV's end - as long as something was detected I want the filter to not forward the email onto the Exchange box. No more false positives at all, and it's caught everything I've sent in.

     Thanks go to Mike from ICE systems for tracking it down!

     Maxx
  2. SurfControl has predefined AV stuff in there, but Kaspersky is not an option. For situations like this it has an 'other' option where you can manually point to the engine, which I put in kavshell.exe, and then you tell it what to expect to hear back if it finds one or more viruses. So the integration on SurfControl's side is as much as possible - it's not feasible for them to know what to expect back from every AV product on the market. Therefore I'm considering it a Kaspersky issue. I may be wrong, but I'm fishing to see if anyone has any ideas at this point.

     Any help is much appreciated, thanks!

     Maxx
  3. We just got our Kaspersky licensing here, and we're in the process of deployment. SurfControl, which receives our email before it hits the Exchange box and filters it, needs some special setup for its virus scanning side. Basically, it makes a call to the AV engine, which scans the file/message it's receiving inbound, and if the file has a virus then SurfControl expects a certain Return Code from the AV engine which informs it of the presence of a virus - and if that's the case then it dumps that email message into a viral storage folder and keeps it from ever even hitting the Exchange box.

     We've got it set so it calls kavshell.exe SCAN %D, where %D is the file it's wanting to get scanned. And then in the return code portion it's expecting to get a value >= 1 back, indicating that a virus has been found.

     This is where things have gotten interesting - it's knocking down all the viral email we've sent to ourselves from the outside, including the eicar test virus and also some real ones. BUT, it's also returning a *lot* of false positives. There's still a lot of valid, outside mail that IS getting through just fine though without getting shot down. So far I haven't been able to find any pattern whatsoever as far as why it would be shot down or wouldn't be shot down, but it's consistently found every virus, test or not, that we've sent through out of about 40. However, out of another 200 emails that we didn't send ourselves that it's knocked into the 'viral' holding folder, only about 8 of those actually show a virus when we do a scan on the folder. No idea why the other 192 are showing up in there.

     Could well be a SurfControl issue, however the Kaspersky issue is that I need to know if anyone knows what return code Kaspersky issues out that I can plug into SurfControl in order to not get false positives like we are, indicating that ">=1" is not the correct solution, although it is correctly identifying viral files/emails. In that it's for sure *not* a SurfControl issue, because it depends on the AV vendor.

     Any ideas?

     Maxx