ORF External Agent KAV not blocking incoming threats - ORF Forums

ORF External Agent KAV not blocking incoming threats RSS Back to forum



I am running ORF Fusion for SBS 5.3 and Kaspersky Endpoint Security 10 as the external agent and I am having a lot of trouble getting KAV to do its job and block potential threats. I have KAV listed under the agents window. The agent executable is pointing to avp.com in program files and my cmd line parameter is "scan {EMAILFILESPEC} /i4" without the quotes.

I was sure to turn external agents ON and set it to "on arrival."

I am using eicar.com as a test file in hopes that the external agent blocks it but no matter what I try it keeps arriving in the email inbox.

Could anyone point me to a resource that might give me more detail on using this particular anti-virus with ORF? Or does anyone here have experience using KAV with ORF?

Sorry if I am leaving out any information that is needed! This is my first post. Any info anyone can provide will help. Google seems to be useless at this point.

by mspurrell 4 years ago

@mspurrell: Hello,

I don't use KAV but here are some general things to check:

On the ORF side:
- Be sure the external agent role is set as an Anti-Virus
- Check the ORF Admin/Information/Statistics to see if tests against KAV are running

On the KAV side:
- Look up command line options to see if you need to add anything to the External agent definition
- Be sure avp.com can handle MIME EML files and their attachments, as well as ZIPs
- You would probably want to use logging to check on things from the KAV side

On your side:
- Be sure the account you send tests from is not whitelisted, not is the Eicar attachment cleaned by the sending server before reaching ORF

Good luck,

by Sam Russo 4 years ago
(in reply to this post)


@Sam Russo: Hey Sam,

Thanks for taking the time to reply. I opened a service request with Vamsoft support and they quickly resolved my issue. We tried all the suggested steps but in the end all I had to do was point the external agent path to avp.exe rather than avp.com. After that change KAV blocked potential threats.



by mspurrell123 4 years ago
(in reply to this post)


I'm not sure how to close this thread. Sorry.

by mspurrell 4 years ago

@mspurrell: No worries - I'm glad it was an easy fix.

by Sam Russo 4 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2