
Broken filtering antivirus scanning?

I keep a tight firewall, using the dual scan engine for web filtering. However, this morning when I went to download applications, the proxy no longer intercepted the download and did a virus scan. Is this just me, or has anyone else seen this problem today?


  • Also, please show the relevant lines from the 'Content Filter (HTTP)' log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The box is an i5 processor with 8 gig of memory with a 500 gig hard drive.
    I did a download from Tucows to show the behavior of the proxy. The file was a 2 meg file.


    url="ad.foxnetworks.com/imp
    2010:02:22-14:33:35 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="126 ms" request="0xa4462368" url="ad.foxnetworks.com/imp
    2010:02:22-14:33:35 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="147" time="66 ms" request="0xa4462b10" url="www.tucows.com/.../ondownload.php
    2010:02:22-14:33:35 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="35" time="104 ms" request="0xa4296700" url="www.google-analytics.com/__utm.gif
    2010:02:22-14:33:36 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="301" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="359" time="61 ms" request="0xa4462b10" url="www.tucows.com/.../html"
    2010:02:22-14:33:36 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="221 ms" request="0xa4462b10" url="www.tucows.com/autodownload.html
    2010:02:22-14:33:44 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="200" cached="4" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="663" time="515 ms" request="0xa4400e08" url="www.qtl.co.il/.../png"
    2010:02:22-14:33:44 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="20360" time="733 ms" request="0xa4400708" url="www.google.com/dictionary
    2010:02:22-14:33:45 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="25214" time="874 ms" request="0xa44d1458" url="www.babylon.com/.../x-icon"
    2010:02:22-14:33:45 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" user="" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="272 ms" request="0xa44c5aa0" url="csi.gstatic.com/csi
    2010:02:22-14:34:05 nyx httpproxy[8691]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.20" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4943" time="1710 ms" request="0xa4462b10" url="api.facebook.com/.../json"
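
Added example, not part of the original thread: a small Python parser for the `httpproxy` key="value" lines quoted above that lists the entries large enough to be the download in question, together with the profile and filter action that handled them. The sample lines and hostnames are constructed, and treating `size` as a byte count is an assumption.

```python
import re

# Syslog prefix of an entry: "2010:02:22-14:33:35 host httpproxy[pid]: ..."
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ httpproxy\[\d+\]: (?P<body>.*)$')
# key="value" pairs; the closing quote is optional because pasted urls are often cut off
PAIR_RE = re.compile(r'(\w+)="([^"]*)"?')

def parse_line(line):
    """Return the entry's fields as a dict, or None for fragments without a prefix."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(PAIR_RE.findall(m.group("body")))
    rec["timestamp"] = m.group("ts")
    size = rec.get("size", "")
    rec["size"] = int(size) if size.isdigit() else 0  # assumed to be bytes
    return rec

def find_downloads(lines, min_bytes):
    """List access entries whose size is at least min_bytes, with the policy applied."""
    keep = ("timestamp", "url", "size", "action", "statuscode", "profile", "filteraction")
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("name") == "http access" and rec["size"] >= min_bytes:
            hits.append({k: rec.get(k) for k in keep})
    return hits

# Constructed sample in the same layout as the post (hosts and sizes are made up).
_FMT = ('2010:02:22-14:33:{sec} gw httpproxy[8691]: id="0001" severity="info" '
        'sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" '
        'srcip="192.168.1.20" user="" statuscode="{code}" cached="0" '
        'profile="REF_DefaultHTTPProfile (Default Proxy)" '
        'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" '
        'size="{size}" time="221 ms" request="0xa4462b10" url="{url}')
SAMPLE = [
    'url="downloads.example.test/imp',  # stray fragment, skipped by the parser
    _FMT.format(sec="36", code="302", size="0", url='downloads.example.test/autodownload.html'),
    _FMT.format(sec="44", code="200", size="25214", url='www.example.test/favicon.ico"'),
    _FMT.format(sec="52", code="200", size="2097152", url='downloads.example.test/files/setup.exe"'),
]

if __name__ == "__main__":
    for hit in find_downloads(SAMPLE, 1_000_000):
        print(hit)
```

Run against the excerpt in the post with a 1 MB threshold, it returns nothing: the largest `size` value there is 25214.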