| HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
| is possible to get html page without the virus? http://havp.hege.li/forum/viewtopic.php?f=3&t=78 |
Page 1 of 1 |
| Author: | shote [ 21 Apr 2006 12:43 ] |
| Post subject: | is possible to get html page without the virus? |
Hi, I'm tryin to open a html page which have a virus (and I know that 
The problem is that I still want to get the info on page, but because of the virus havp blocked it at all. Is possible anyway to get the rest of the page (so havp stop only suspicious and virus files - js,vbs.. etc.)? |
|
| Author: | hege [ 21 Apr 2006 12:51 ] |
| Post subject: | |
It is not really possible, because everything we do is match patterns from some file, which happens to be a complete html-page in this case. It would require huge modifications if we wanted to actually modify the pages and remove javascript etc.. and since we only match patterns, actually we wouldn't even know what to remove to disinfect the page. I don't know if using Privoxy would help in this case. It can detect some malicious javascript and remove it. Cheers, Henrik |
|
| Author: | shote [ 21 Apr 2006 12:58 ] |
| Post subject: | |
thanks
|
|
| Author: | Paul [ 27 May 2006 08:22 ] |
| Post subject: | Retrieving web pag containing virus |
If you really want to download the page, try getting it with a non-interpreting HTTP client like CURL. You can get the HTML into a text file and look at the it with a text editor to find what you want. |
|
| Author: | hege [ 27 May 2006 10:30 ] |
| Post subject: | |
Naturally you would have to whitelist the page first.. Cheers, Henrik |
|
| Author: | Paul Kosinski [ 28 May 2006 04:21 ] |
| Post subject: | Retrieving web page containing virus |
It obviously depends on the exact configuration, but I was more thinking of bypassing HAVP somehow. If you have multiple users, then whitelisting the page (even temporarily) could expose unsuspecting users to the virus. It's likely to be harder to bypass HAVP if it is forcibly interposed on port 80 on the Internet gateway. On the other hand, if HAVP is listening on a different port, then it is easy to bypass (unless a firewall prevents it). |
|
| Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|