GAV - Gateway Anti-Virus does not block password-protected zip files or viruses sent by e-mail

03/26/2020 21 14250

DESCRIPTION:

Gateway Anti-Virus configuration is correct but does not work properly for password protected zip files or viruses

CAUSE:

If the TLS* option is enabled on the Servers (mail/web) the connection will use TLS(SSL) encryption, therefore all the e-mails will pass through the SonicWall even with GAV enabled.

The reason for this is that they cannot be de-crypted and therefore the content cannot be checked:

- SonicWall is not an MTA* device, and even a more sophisticated SonicWall firewall version will not support the checking of encrypted e-mail. If this is a requirement please consider a dedicated SonicWall Email Security Solution

RESOLUTION:

- If the TLS is not enabled on just one server, the communication will not be encrypted with TLS/SSL protocol and the data will be sent in plain text,  allowing the GAV to check the content and block password protected Zip files or viruses according to the configuration done.

OR

 - The SonicWall® Email Security Appliance will offer the functionality even with TLS enabled, as it has wide MTA capabilities, please check - SonicWall Email Security Administrator’s Guide

*MTA a mail transfer agent (MTA) is a software application used within an Internet message handling system (MHS).It is responsible for transferring and routing an electronic mail message from the sender's computer to the recipient's computer.

*TLS is a standards-based protocol based on Secure Sockets Layer (SSL). TLS is rapidly being adopted as the standard for secure email. The protocol uses cryptography to provide endpoint authentication and communications privacy over the Internet.