ORF External Agent KAV not blocking incoming threats RSS

1

Hello,

I am running ORF Fusion for SBS 5.3 and Kaspersky Endpoint Security 10 as the external agent and I am having a lot of trouble getting KAV to do its job and block potential threats. I have KAV listed under the agents window. The agent executable is pointing to avp.com in program files and my cmd line parameter is "scan {EMAILFILESPEC} /i4" without the quotes.

I was sure to turn external agents ON and set it to "on arrival."

I am using eicar.com as a test file in hopes that the external agent blocks it but no matter what I try it keeps arriving in the email inbox.

Could anyone point me to a resource that might give me more detail on using this particular anti-virus with ORF? Or does anyone here have experience using KAV with ORF?

Sorry if I am leaving out any information that is needed! This is my first post. Any info anyone can provide will help. Google seems to be useless at this point.

by mspurrell 2 years ago
2

@mspurrell: Hello,

I don't use KAV but here are some general things to check:

On the ORF side:
- Be sure the external agent role is set as an Anti-Virus
- Check the ORF Admin/Information/Statistics to see if tests against KAV are running

On the KAV side:
- Look up command line options to see if you need to add anything to the External agent definition
- Be sure avp.com can handle MIME EML files and their attachments, as well as ZIPs
- You would probably want to use logging to check on things from the KAV side

On your side:
- Be sure the account you send tests from is not whitelisted, not is the Eicar attachment cleaned by the sending server before reaching ORF

Good luck,
Sam

by Sam Russo 2 years ago
(in reply to this post)

3

@Sam Russo: Hey Sam,

Thanks for taking the time to reply. I opened a service request with Vamsoft support and they quickly resolved my issue. We tried all the suggested steps but in the end all I had to do was point the external agent path to avp.exe rather than avp.com. After that change KAV blocked potential threats.

Regards,

Matt

by mspurrell123 2 years ago
(in reply to this post)

4

I'm not sure how to close this thread. Sorry.

by mspurrell 2 years ago
5

@mspurrell: No worries - I'm glad it was an easy fix.

by Sam Russo 2 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed