Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 1373 views
  • Users 0 members are here
Options
Suggested

[7.490][QUESTION][ANSWERED] Content Blocked with a valid download

FreudianSlip
Not sure if this is specific to v7.490 but..

If I configure my browser to use my ASG and then attempt to download 

PHP: Get Download

php 5.3 in either bz2 or gzip formats, I get a content blocked message.  Almost instantly for the bz2, but after the download bar completes with the .gz.

If I then avoid the proxy and go direct, the link & download work 1st time for either file, so it's not a mis-labelled site down message (in this instance).

Bug? (I cant test it on previous versions of ASG without screwing things up this side)
  • 0 
    Astaro Beta Report
    --------------------------------
    Version: 7.490
    Type: QUESTION
    State: ANSWERED
    Reporter: FreudianSlip
    Contributor: 
    MantisID: 
    --------------------------------
  • 0
    Can you post the relevant lines from the Content Filter (HTTP) log?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Taken from the log as requested:

    name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="192 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:13:52 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="190 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: [0xb22ad568] avira_error_cb (avirascanner.c:81) name unkwn.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2211" time="35304 ms" request="0xb22ad568" url="uk.php.net/.../php-5.3.0.tar.bz2" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:03 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="822" time="140 ms" request="0xb22ad568" url="uk.php.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:13 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="187 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:16 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="39607" time="1067 ms" request="0xb22202c0" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:19 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.253" user="" statuscode="302" cached="4" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1" time="434 ms" request="0xa87324f8" url="us2.php.net/.../mirror" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:28 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="13360 ms" request="0xb22202c0" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:31 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2191" time="0 ms" request="0xb22590b8" url="passthrough.fw-notify.net/favicon.ico" exceptions="auth,content,url,mime" error=""
    2009:09:13-07:14:34 wmclasg httpproxy[3963]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.253" user="" statuscode="200" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="189 ms" request="0xb2268e20" url="207.46.124.153/.../gateway.dll
    2009:09:13-07:14:43 wmclasg httpproxy[3963]: [0xb2259f68] avira_error_cb (avirascanner.c:81) name php-5.3.0.tar --> php-5.3.0/ext/bz2/tests/004_2.txt.bz2, category 2, level 0, code 29 (Error processing archive)
    2009:09:13-07:14:44 wmclasg httpproxy[3963]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, error while scanning" action="block" method="GET" srcip="192.168.1.253" user="" statuscode="500" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2209" time="24711 ms" request="0xb2259f68" url="uk.php.net/.../php-5.3.0.tar.gz" exceptions="auth,content,url,mime" error="" engine="Astaro-AV"
    2009:09:13-07:14:53 wmclasg httpproxy[3963]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.1.253" user="" statuscode="404" cached="0" profile="REF_zpVgrWaczq (Default Proxy Profile)" filteraction=" ()" size="2199" time="34510 ms" request="0xb2259f68" url="passthrough.fw-notify.net/.../462022" exceptions="auth,content,url,mime" error=""
  • 0
    Thanks.  Here are the portions of a blocked line that provide the key to understanding the problem:

    name="web request blocked, error while scanning"

    size="2211" time="35304 ms"


    Many sites don't do a good job of handling the very slight delay caused by a virus scan, and this is indicated by the fact that it took 35 seconds to process 2KB.  If you add an exception for AV to the other exceptions for this site, that should fix the problem.

    Let us know if that doesn't do it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    The blocked file 'php-5.3.0/ext/bz2/tests/004_2.txt.bz2' is part of 
    the php testing suite and is an likely an intentionally broken archive.

    Use Websecurity Advanced 'Pass unscannable files' to let
    this pass.
Unfiltered HTML