Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 9 replies
  • Subscribers 0 subscribers
  • Views 708 views
  • Users 0 members are here
Options
Suggested

[7.920][BUG][FIXED] HTTP Proxy AV does not work

Sascha Paris
The AV of the HTTP Proxy does not scan for Malware anymore ? Tried Eicar Testpage 


2010:06:02-22:27:43 asg01 httpproxy[9205]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.203" dstip="188.40.238.250" user="" statuscode="200" cached="0" profile="REF_UAQGIIBteF (LAN_TRANSPARENT)" filteraction="REF_LmvZxpuYeo (NZU)" size="184" time="39 ms" request="0x95ccce0" url="www.eicar.org/.../zip" 
Parents
  • 0
    All,

    please check if eicar gets blocked in single scan configuration after issuing 

    patterndist avira'
    /var/mdw/scripts/httpproxy restart

    as root on the cmdline. This bug may be related to the 'failed to get scanner instance' error. Thanks!
  • 0 in reply to svens
    I had posted about this https://community.sophos.com/products/unified-threat-management/astaroorg/f/102/t/69643 but it got lost in that thread. 

    My single scan works fine after the rebuild so I think you are safe to say it was related. 

    2010:06:07-22:45:19 gatekeeper httpproxy[15027]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.0.10" dstip="188.40.238.250" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4913" time="218 ms" request="0x9e6b9b58" url="http://www.eicar.org/download/eicar_com.zip" exceptions="" error="" category="126" reputation="neutral" categoryname="Information Security" content-type="application/zip" engine="Astaro-AV" virus="Eicar-Test-Signature"
Reply
  • 0 in reply to svens
    I had posted about this https://community.sophos.com/products/unified-threat-management/astaroorg/f/102/t/69643 but it got lost in that thread. 

    My single scan works fine after the rebuild so I think you are safe to say it was related. 

    2010:06:07-22:45:19 gatekeeper httpproxy[15027]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.0.10" dstip="188.40.238.250" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4913" time="218 ms" request="0x9e6b9b58" url="http://www.eicar.org/download/eicar_com.zip" exceptions="" error="" category="126" reputation="neutral" categoryname="Information Security" content-type="application/zip" engine="Astaro-AV" virus="Eicar-Test-Signature"
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?