I am evaluating Sensei.
For me, a very important feature is blocking known malware.
Everything works well, but downloading the EICAR test virus was not blocked by Sensei.
Is this normal?

It seems Sensei does not block ANY malware!
I am using the Home Edition, but it never blocks random malware (it does not matter if HTTPS or HTTP).


It's not meant to block malware. That's what local AV is for on desktops, along with Suricata signature analysis. Sensei is a web filter. If you go to a known malware domain it will block if that option is selected; it absolutely is not meant to replace a virus scanner, or common sense. ClamAV in the OPNsense plugins section can do this as well, though it's ClamAV, so your mileage may vary. Hope this helps :)

Edit: ClamAV is probably not an option for a home user anyways; most (all) traffic should be SSL/HTTPS, meaning no visibility really unless you have a certificate you generate on all devices being filtered. Sensei or any web filter/DNS-based system can see the hostname/IP you go to but NOT the content. That's what is expected with SSL and is the point of it, so any SSL visibility appliance (Untangle has sslv, ClamAV sniffs traffic, etc.) needs a server/client cert in order to decrypt traffic. That's not feasible at home with IoT devices, phones etc. The best you can do is block known malicious domains and teach people common sense web browsing + no torrents/warez, and you won't get malware. Sensei has a wide range of options to block all of those things.
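
What a hostname-based filter can read from an HTTPS connection, as an added example that is not part of the thread and is not Sensei's code: Python that pulls the cleartext SNI hostname out of a TLS ClientHello and decides on that alone. The ClientHello bytes, the `BLOCKED` list and all function names are constructed for illustration.

```python
import struct

BLOCKED = {"malware.example"}  # constructed blocklist entry (assumption)

def build_client_hello(hostname):
    """Constructed sample input: a minimal TLS ClientHello with one SNI entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
    sni = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # version, random, empty session id
            + struct.pack("!HH", 2, 0x1301) + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(sni)) + sni)             # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the cleartext SNI hostname, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:           # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                                   # headers, version, random
        p += 1 + record[p]                                   # session id
        p += 2 + int.from_bytes(record[p:p + 2], "big")      # cipher suites
        p += 1 + record[p]                                   # compression methods
        end = min(len(record), p + 2 + int.from_bytes(record[p:p + 2], "big"))
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, p)
            p += 4
            if ext_type == 0 and record[p + 2] == 0:         # server_name, host_name
                n = int.from_bytes(record[p + 3:p + 5], "big")
                name = record[p + 5:p + 5 + n]
                return name.decode("ascii") if n and len(name) == n else None
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def verdict(record):
    """Decide from the hostname only; the encrypted payload is never inspected."""
    host = extract_sni(record)
    if host is None:
        return "no-sni"
    listed = any(host == d or host.endswith("." + d) for d in BLOCKED)
    return "block" if listed else "allow"

if __name__ == "__main__":
    for h in ("cdn.malware.example", "files.example.org"):
        print(h, verdict(build_client_hello(h)))
```

A file fetched over HTTPS from a host that is not on the list gets `allow` regardless of its content, which is the limitation the post above describes.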

Not true.
From the Sunny Valley website:

--- Quote ---
Stop Threats in Real Time
Unlike basic internet traffic filtering firewalls, ZENARMOR from Sunny Valley Networks provides a powerful, enterprise-class content filtering engine that detects and blocks advanced malware as well as highly sophisticated threats.
--- End quote ---

Furthermore, in Policies, the setting says

--- Quote ---
Block Recent Malware/Phishing/Virus Outbreaks
--- End quote ---

So, what?
Is Sensei simply a collection of blocklists (IP/DNS) with a nice GUI?

Well, there is no SSL filtering; it's not implemented yet and it comes with implications. E.g. apps like Skype that only trust their built-in CAs won't work if you try to fool them with your own CA.
So, anything that is SSL will probably be either matched by a pattern or filtered by URL/DNS. There is no sandboxing either, but that also comes with implications, because the first sample usually goes through unless it's already known.
Other than that, blocking malicious content is working well, see my screenshot below. Blocking certain services and categories, too.

For anything that does not work, send feedback in a ticket to the friendly guys at Sunny Valley; they'll usually take care of problems very quickly. Only the best experiences with their support so far, very helpful, kudos go out to Salih and Murat!

Already opened a ticket.
Wondering why no EICAR was detected (incl. HTTP (without -S!)).
Evaluating Sensei for my home and maybe (if the malware detection works as advised(!)) for our customers.


