| HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
| trojan still downloaded even havp report virus found http://havp.hege.li/forum/viewtopic.php?f=3&t=301 |
Page 1 of 1 |
| Author: | butz [ 10 Oct 2007 04:08 ] |
| Post subject: | trojan still downloaded even havp report virus found |
Strange , trojan still can be downloaded , after virus scanner found the trojan for the file havp report it is bad file , but seems file still into squid cache after try to access this page several times. after that , file already in squid cache , havp no longer report it is virus because not scanning. and it can be downloaded always. anydody want to try? ://60.191.223.75/wm.exe |
|
| Author: | hege [ 10 Oct 2007 09:56 ] |
| Post subject: | |
What kind of setup do you have? If it's a sandwich like in the example, this should not happen. PS. What scanner finds it? ClamAV doesn't.. |
|
| Author: | butz [ 10 Oct 2007 15:30 ] |
| Post subject: | |
Havp as parent server for squid. Internet -> havp -> squid -> user. Does any setting can make the case never happened? for the scanner , maybe you can try AVG: PSW.OnlineGames.LUW |
|
| Author: | hege [ 10 Oct 2007 15:49 ] |
| Post subject: | |
I'm not sure why the file would get through to Squid. Unless AVG has some error etc and it slips through. But it doesn't help that you have caching squid after havp, which is not recommended. HAVP should scan files coming from cache, since there might be something that didn't have signature before. |
|
| Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|