Fortigate firewall issue

Discussions on webmail and the Professional version.
TheDaywalker
Posts: 7
Joined: Tue May 06, 2014 8:23 am

Fortigate firewall issue

Post by TheDaywalker » Thu Aug 12, 2021 9:04 am

Hello, I've recently convinced one of my customers to have their own dedicated server for all the branches they have, as a web+mail server.
Two of their branches have a FortiGate firewall installed and here is where I'm having the issue.
If a mail message containing a virus arrives in a mailbox, then when the mail client (usually Thunderbird or Outlook) refreshes, the Fortinet firewall detects the virus and forces the connection (POP3 or IMAP) to close immediately, which leaves the mailbox totally unusable. The only way out then is to log in to webmail, find the mail message which contains the virus, and delete it manually.

So, I understood that a standard version of MailEnable would be insufficient and I've also convinced them to buy the MailEnable Professional version just to enable the antivirus support of MailEnable to reduce and maybe even solve the issue.

After all, now I have the Professional version of MailEnable using ClamAV but that definitely did not solve the problem. Yes, the cases decreased but it doesn't matter because it is still happening more than once a day and of course this is not acceptable.

The main problem is, ClamAV is weak and unable to detect all the viruses that a firewall can.
If I can't figure this out, I will have to cancel the Professional license (which is in its 60-day trial period).

Thank you.

MailEnable-Ian
Site Admin
Posts: 9524
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Fortigate firewall issue

Post by MailEnable-Ian » Thu Aug 12, 2021 11:35 pm

Hi,

There is a third-party ClamAV signature provider (https://sanesecurity.com) with better detection that requires a subscription, which may help. However, in regard to your problem with the Fortinet firewall shutting services down because of a virus in the inbox folder, it would probably be a better option to disable the email proxy in the firewall to prevent this.

https://sanesecurity.com/
Regards,

Ian Margarone
MailEnable Support

TheDaywalker
Posts: 7
Joined: Tue May 06, 2014 8:23 am

Re: Fortigate firewall issue

Post by TheDaywalker » Fri Aug 13, 2021 12:44 pm

MailEnable-Ian wrote:
Thu Aug 12, 2021 11:35 pm
Hi,

There is a third-party ClamAV signature provider (https://sanesecurity.com) with better detection that requires a subscription, which may help. However, in regard to your problem with the Fortinet firewall shutting services down because of a virus in the inbox folder, it would probably be a better option to disable the email proxy in the firewall to prevent this.

https://sanesecurity.com/

So, that means even if we pay for a pro version of MailEnable, we still need some third-party modules to run a healthy mail server? And even if we do that, there is no guarantee it will work just fine, like a firewall does. (I've just installed and activated a second antivirus scanner (F-Prot v6) and yet there are still infected emails that pass through both of them, but not through Fortinet.)

You are simply suggesting that I stop the one-and-only well-working protection. It's like suggesting that someone leave the doors unlocked, just because he is having an issue with his key.

I am fully aware that this is not directly about the MailEnable server itself but somehow this leads to the mailboxes becoming unavailable, which eventually affects the MailEnable server. So I would expect the situation to be handled nicely in paid versions.

Maybe it's time to look for a better mail server instead of paying for something that doesn't solve anything.

mikebonte
Posts: 49
Joined: Wed Nov 30, 2011 6:04 pm
Location: New Jersey

Re: Fortigate firewall issue

Post by mikebonte » Tue Sep 14, 2021 1:29 pm

Well, what do you expect if you are intentionally interrupting the transmission between the client and server? That is the wrong place to have any sort of virus trapping, packet dropping, or connection blocking. That is a recipe for corrupted mailboxes and user frustration, as you are experiencing.

ClamAV is not great and I have never been thrilled with running SPAM/Virus detection right on the mailserver. Lately (about 5 years now) for my customers I have been using SPAMTitan's cloud solution prior to the MailEnable server. Viruses are killed out there and never even make it to ME and SPAM is tagged and forwarded for delivery to the junk boxes.

Then, as Ian suggested, no virus checking between ME and the client. You can always run virus protection out on the client if you need a last line of defense. We have excellent results with this setup.
