Page 1 of 2 12 LastLast
Results 1 to 10 of 16
  1. #1
    Newbie
    Join Date
    Feb 2014
    Posts
    14

    Default Is Virus Blocker Lite still useful?

    I'm having an issue with Virus Blocker Lite blocking a TLS 'handshake' for just 1 single email domain that our company is working with. It stops all outgoing emails to that domain.

    If I look at the Virus Blocker Lite reporting it seems like it's never blocked anything. We don't own a license for SSL Inspector so it's not really stopping anything in the email department anyway.

    I've tried disabling all three of its scanning options (http, smtp, ftp) and adding the site we are emailing to the 'pass sites'. But we can still not email them if virus blocker lite is running. As soon as I shut it down, we can email them perfectly.

    I hate to turn it off, I feel like even if it caught one virus it would be worth while. Is there anything else I can do, or should I just shut it off?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,574

    Default

    VB Lite does not look at HTTPS. What protocol is the TLS 'handshake' issue on?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Feb 2014
    Posts
    14

    Default

    It's an Exchange server, sending emails so I'm pretty sure it's just port 25. Our spam filter does the TLS/SSL, but I'm not certain if it changes ports to 443 do that or not.

    I do know it's missing the majority of them. VB Lite has scanned 99 messages today but we've received 1300+. Edit: I think the only reason it was 99 is because I was working on updating our email servers TLS cert today, so it was going up and down. Should usually less than 99.
    Last edited by powdermnky007; 01-27-2021 at 03:09 PM.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,574

    Default

    VB will abandoned TLS connections on port 25. I have seen issues with malform TLS SMTP and VB. I would just bypass port 25 traffic and do the virus and spam scanning on the server.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Feb 2014
    Posts
    14

    Default

    Sounds good, how should I bypass port 25? Thank you in advance.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    I wouldn't bypass TCP 25, I'd use policy rules to shove it into its own policy. That policy would have apps that are useful for SMTP monitoring, like the firewall app, and perhaps the intrusion prevention module.

    The firewall app alone for the logging is essential for troubleshooting.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Newbie
    Join Date
    Feb 2014
    Posts
    14

    Default

    I definitely want it going through the firewall app. I block all IPs coming from China. Maybe that only stops 10% of spam, but I'll take it. We have zero clients over there.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    Quote Originally Posted by powdermnky007 View Post
    I definitely want it going through the firewall app. I block all IPs coming from China. Maybe that only stops 10% of spam, but I'll take it. We have zero clients over there.
    Then use the policy manager! I do this for ingress EVERYTHING, because if you don't it goes through the same insanity as random web requests going out. That's generally BAD for all sorts of reasons.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Newbie
    Join Date
    Feb 2014
    Posts
    14

    Default

    Thank you for your help sky-knight! I appreciate it, but is there any way to do it besides the policy manager? The only app we've purchased is the web filter and I won't be able to make any purchases at work for a few months.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    If you don't have policy manager then your only recourse is bypass.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2