Anguel

IMAP disinfection question [Solved]


Hi!

 

I use KSC 10.3.407 and KES 10.2.5.3201. I am running Stunnel in order to connect to my IMAP server through SSL and present the IMAP connection as unencrypted to Thunderbird. This way KES can scan the e-mail traffic.

This works so far, but I noticed that mails are disinfected only locally in Thunderbird but remain as infected on the IMAP server, i.e. the attachments are not deleted there.

Please let me know if this is expected behavior so that I know if it is normal or there is something wrong in my configuration. Thanks.

 

Anguel


Hi,

 

Yes, it's normal behavior. Mail AV, which is a part of KES 10, protects workstations only.

For mail servers we have different products.

 

BR


Artem, thank you for the fast reply. Well, it is actually not the best solution when Kaspersky reports that the message has been disinfected but the virus is still on the server and reappears as soon as I reload the IMAP folder in Thunderbird or open the virus mail from the web interface of my provider. I expect that Kaspersky would need a special Thunderbird plugin to be able to delete the virus attachment from the IMAP server which it does not provide anymore.

 

Nice to know that you have different products for mail servers but this does not help me at all in this case, because all mail is stored on my provider's servers and I cannot tell them to buy a Kaspersky product. Also, as far as I know Kaspersky mail server products are not able to scan the IMAP protocol so I cannot use them locally either.

 

Am I right that you want KES to be able to delete infected messages from a server?

You can create a feature request at the CompanyAccount.

 

You are correct, the mail is fetched via IMAP from the e-mail service provider.

I doubt that a feature request will be successful, because Kaspersky seems to scan incoming traffic only but does not communicate back with IMAP server as far as I understand. But I can try :) Thanks.

 


Please evaluate support help by using "Rating" option!


This is due to the nature of IMAP as a protocol. It is one of the 'benefits' of using IMAP.

IMAP is designed to leave mail on the mail server so that it can be accessed by multiple devices, as opposed to other protocols like POP3, which only store the emails until they are downloaded.

 

While we can scan any mail coming in over IMAP and clear any threat that resides on a local endpoint, we do not have the ability to send this information onto IMAP servers. This is also because it is not as simple as deleting an attachment. Depending on the results of a scan, files may be considered infected, but could also be considered as being probably infected. In cases of a file being infected, disinfection is attempted prior to deletion. And there is no way to attempt disinfection on a remote IMAP server that is not running our solutions.

 

In theory, the product could probably be designed to send a delete command to an IMAP server for anything the Endpoint detects. But this would mean files that could possibly be disinfected would be deleted. It also means any false positives would be deleted. And either of these is hardly an ideal scenario.

 

Unfortunately, there is no ideal way to deal with this, at least as far as I can tell from my limited experience. Hope this helps.

 

 

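The server-side cleanup discussed in this thread can be done by a separate IMAP client once the endpoint has flagged a message. As an added example (not Kaspersky's code and not from any poster), the function below moves the message to a quarantine folder rather than deleting it, so a false positive or a disinfectable file stays retrievable; the folder name `Quarantine`, the function name and the `FakeIMAP` stand-in are assumptions of this example.

```python
import imaplib

# "Quarantine" is an assumed folder name; conn is a logged-in imaplib connection.
def quarantine_by_message_id(conn: imaplib.IMAP4, mailbox, message_id,
                             folder="Quarantine"):
    """Move messages with this Message-ID from mailbox to folder; return UIDs."""
    # Reject characters that could break out of the quoted IMAP string.
    if any(c in message_id for c in '"\\\r\n'):
        raise ValueError("unsafe Message-ID")
    conn.create(folder)  # server answers NO if it already exists; harmless
    if conn.select(mailbox)[0] != "OK":
        raise RuntimeError("cannot select mailbox")
    typ, data = conn.uid("SEARCH", "HEADER", "Message-ID", '"%s"' % message_id)
    uids = data[0].split() if typ == "OK" and data and data[0] else []
    moved = []
    for uid in uids:
        if conn.uid("COPY", uid, folder)[0] != "OK":
            continue  # never flag for deletion what was not copied first
        conn.uid("STORE", uid, "+FLAGS", r"(\Deleted)")
        moved.append(uid.decode())
    if moved:
        conn.expunge()  # removes every \Deleted message in this mailbox
    return moved

class FakeIMAP:
    """Constructed in-memory stand-in for a server, so this runs offline."""
    def __init__(self, inbox):
        self.boxes, self.cur, self.flagged = {"INBOX": dict(inbox)}, None, set()
    def create(self, name):
        self.boxes.setdefault(name, {})
        return "OK", [b""]
    def select(self, name):
        self.cur = name
        return ("OK" if name in self.boxes else "NO"), [b""]
    def uid(self, cmd, *args):
        box = self.boxes[self.cur]
        if cmd == "SEARCH":
            wanted = args[2].strip('"')
            return "OK", [b" ".join(u for u, m in box.items() if m == wanted)]
        if cmd == "COPY":
            self.boxes[args[1]][args[0]] = box[args[0]]
        elif cmd == "STORE":
            self.flagged.add(args[0])
        return "OK", [b""]
    def expunge(self):
        for u in self.flagged:
            self.boxes[self.cur].pop(u, None)
        return "OK", [b""]
```

Against a real server, pass an `imaplib.IMAP4_SSL` connection after `login()`; note that the plain `EXPUNGE` also removes any other messages already flagged `\Deleted` in that mailbox.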