WinGate Forums

[saubrey]

I have WG 6.03 with AV plugin enabled for HTTP and FTP, and I use ENS with TR. Norton AV definition downloads always abort after downloading 75%. (I have drip feed turned on for WG AV plugin). When I turn off the AV plugin for WG, then Norton AV definitions always download correctly. Funny thing is that only on my XP client computer does Norton AV definitions always abort at 75%. On my Win2K and Win98 computers Norton AV defs always fully download even when the WG AV plugin is enabled. The difference is that the XP client computer has Norton 2004 and the Win2k and Win98 computers have older versions of Norton. Can you help me fix the download problem? Thanks, Steve

[Bob Tucker]

I have the same setup and had the same problem. The only difference is that we have Symantec Antivirus Corporate 8.1, but the the AV definitons and oother updtaes from Symantec to the SAV Server had exactly the problem that you describe. We have Lavasoft Ad-Aware on all workstations in order to manage Spyware. The updates for Lavasoft's Ad-Aware have the same problems you describe. Wingate client PCs communicate via NAT - which was interectpted by the WWW proxy with Kaspersky AV plugin enabled as you describe. I had the same problem with Symantec Liveupdate not completing downloads as you describe; and enabling drip feed did not fix the problem - aslso as you describe. I no longer intercept NAT in WWW so as to bypass this problem as well as problems with some scripts that would not work correctly when NAT was interecpted in the WWW proxy. Where I was never able to fully resolve the problem, I did find that when I configured clients to directly connect via proxy (rather than interecpting via ENS), Symantec Live Update did usually complete downloads. (Lavasoft's updates, however, did not complete unless I used ENS.) I asked about the fact that I got different results when I intercepted ENS in the WWW proxy as opposed to connecting to the proxy directly in another post on this site recently, and I was told the results should be the same. I trust the folks at QBIK can point you in the right direction. I look forward to their response as I also would like to knopw how to deal with this.

Regards,

Bob Tucker

[Pascal]

From the sound of it the clients are timing out. The 75% point is where WinGate will begin scanning the update. (During that time, if drip-feeding is on it will still send small increments through). Possibly, there is a difference in the LiveUpdate mechanism between 2004 and the earlier versions? Is it possible to set a timeout for it / something similar?

The best suggestion I can make for you gentlemen at the moment would be to add those trusted downloads / URLs to the list of entries that are not scanned. That should not comprise your security; as you could reasonably expect that those downloads will be safe and secure.

[Bob Tucker]

Thank you. Your approach would seem to make sense, and I will denititely try it.

Kindest Regards,

Bob Tucker

[saubrey]

Your suggestion of adding the symantec liveupdate URL to the AV plug-in's trusted sites works for me, and is a good temporay solution. However a permanent solution, sometime in the future, would be best as I can't keep adding trusted sites one, by one, as individual clients bump into them.

There seems to be no mechanism for setting a timeout value in my Norton AV program, and the interesting thing is that Norton AV seems to abort within only 15 seconds of reaching 75%. Question. Since drip-feed at the 75% level is sending some small number of bytes, is it possible to configure WG's number of bytes that is drip-fed? Possibly all I would need to do is increase the number of drip feed bytes, and Norton AV would be happy and not abort? Is there a Registry options that I can modify? Thanks, Steve

[Pascal]

The drip feeding will occur every 10 seconds, and will send 1452 bytes (normal TCP MTU according to the source). There's no override for it in the current version.

It could be that the timeout is close enough to that time block, that on a 'slower' computer this could result in simple starvation because of the overhead of scanning, etc. But that seems like an utmost rare case, I'd not even wager 5c on that.

Because it is effectively a live data stream we do need to pause the direct feed while we begin scanning and then drip-feed bits through. There is not much we can do about that. (Which is part of why the overrides were added) Agreed though, it is a definite hassle to have to do that.

Let me ask somebody I know at Symantec, see if they have any enlightening advice.

[Pascal]

Haven't had a response from them yet, but have found this on Symantec's website. I'm not sure which version of LiveUpdate you're using, but this might be an useful article.

Copy the URL to notepad to re-assemble in a version that doesn't totally destroy the forum layout.

http://service1.symantec.com/SUPPORT/sharedtech.nsf/
d3c44a1678bd8f45852566aa005902cb/02ce7c88d26e3f9
588256eef006163fa?OpenDocument&prev=http://search
.symantec.com/custom/reg_ap/techsupp/kb/query.html?
*col=kb*st=1*nh=10*qp=url:/nav.nsf/d4578f66d8f00a0
188256d4e006aaa94,,url:us-ts,,url:us-lu*qt=timeout*mi
niver=nav_2004*pcode=%3C%3E&sone=nav_2004_tas
ks.html&stg=3&prod=Norton%20AntiVirus&ver=2004%2
0for%20Windows%202000/Me/98/XP&base=http://www.
symantec.com/region/reg_ap/techsupp/nav/&next=nav_
2004_contact_tscs_solve_lu.html&tpre=reg_ap&src=reg_
ap_sg&pcode=

That is such a long URL. I've included the text of the article here for ease of use:

How to configure the time-out value for HTTP downloads in LiveUpdate version 2.5

Situation:
You have lengthy Internet operations in your environment that cause LiveUpdate to time out during file downloads. For example, you have proxies and firewalls that cache files and scan them before passing the downloads into the environment.

NOTE: The information on this page is for enterprise customers who run LiveUpdate on a network.

Solution:
In LiveUpdate 2.5, you can configure HTTP time-out values. The default time-out value is 30 seconds.

To adjust this setting, you must edit the Settings.LiveUpdate file. (By default, the Settings.LiveUpdate file is set to read-only; you must change that before you can edit the file.) This file is in the ...\All Users\Application Data\Symantec\LiveUpdate folder.

The following settings must be changed:

PREFERENCES\INTERNET_CONNECT_TIMEOUT=<value in seconds>
PREFERENCES\INTERNET_READ_DATA_TIMEOUT=<value in seconds>

The following is an example of how this setting would appear for a 30-second time-out value:

PREFERENCES\INTERNET_CONNECT_TIMEOUT=30
PREFERENCES\INTERNET_READ_DATA_TIMEOUT=30