Dec 22 09 8:18 pm
Dec 22 09 9:59 pm
1. How to check if PureSight is updating its DB and see the DB date?
2. Why can't download managers support resume when downloading via proxy, even after adding the required site (e.g. symantec.com) to the "whitelist" in both KAV and PureSight?
P.S. While downloading via pure NAT (no interception by proxy) everything works fine.
3. How to allow downloads of encrypted archives and other files which KAV does not "like"?
It seems to me the reason is the fact that KAV can't open such files for checking and blocks them. How to change its behavior?
Dec 23 09 12:10 am
logan wrote: Check the last modified date of the StatListDb file from the PureSight folder. This will indicate when the file was last updated. If it doesn't seem to be updating, make sure updating is enabled in PureSight's configuration.
logan wrote: Can you take a couple of screenshots of the Symantec overrides you have set up for the forum? Thanks.
logan wrote: I don't see anywhere that scanning of encrypted archives can be disabled, but you can change what KAV does upon various scanning results. See GateKeeper -> Plugins -> Kaspersky AntiVirus for WinGate -> Settings -> Advanced. Here you can set things like unexpected errors to pass the file on instead of quarantine.
Dec 23 09 12:54 am
Jan 12 10 1:25 am
Jan 27 10 9:20 pm
Mar 22 10 2:41 am
Mar 23 10 1:02 pm
Mar 23 10 7:44 pm
adrien wrote: 1. PureSight
The PureSight update issue should be solved with v3. I think it would be a lot more productive to debug issues relating to seeing PureSight 3 in your WWW proxy, than to try to debug issues with an older version not updating. Normally the refresh button in the plugins pane in the WWW proxy should make PureSight show up. There are a few steps we can go through to get it working - there aren't many links in the chain to break.
adrien wrote: 2. Download Managers / resume.
This is due to having Kaspersky AV installed. Because Kaspersky AV cannot guarantee the safety of any file that it doesn't see the whole of, it forbids files to be downloaded in parts. Downloading files in parts is what download managers do. If you create a whitelist entry in Kaspersky AV to bypass scanning for the particular site or URL, you can re-enable downloading in parts for that site/url.
2. Download managers do not support resume when downloading via proxy. Both KAV and PS have the required site (e.g. symantec.com) exclusion (site-wide, not single url)!
While downloading via pure NAT (no interception by proxy) everything works fine.
The issue is still unsolved.
adrien wrote: 3. DNS avalanche.
Question - do you have the cache enabled in the DNS resolver? We've found problems with certain types of lookups (following CNAME records and delegation) if caching is disabled. It can cause a lot of lookups.
...the problem is appearing when ISP's DNS server IP is set in WinGate machine's WAN TCP\IP properties (OS settings)...
adrien wrote: What's the IP of your ISP DNS server? We may need to try to test against it.
adrien wrote: An alternative could be to use an intermediate DNS server (say that you host yourself) to buffer between WinGate DNS resolver and the DNS server of your ISP.
adrien wrote: 4. DNS service log vs DNS resolver log.
DNS service log only logs requests received from client machines that make DNS lookups. If they are set to use proxy, they won't use DNS for web surfing.
DNS resolver (DNS Client) logs everything to do with DNS for entire WinGate, so the WWW proxy looking up the site to connect to for the client. So the DNS client is always a lot more busy than the DNS server.
Clients will do DNS lookups if they think they need to resolve a name to an IP to connect to. If they are set to use proxy, and you specify the proxy by IP, then web browsers won't need to make any DNS lookups. Other apps may still want to look up names. For NAT, the client thinks it is connecting directly to the end server, so needs to resolve the name with DNS. This also is the case for SOCKS, and the WinGate client.
As 95% of my users use Proxy, I had a thought the DNS Resolver works always, while DNS service - only for NAT users!? (I mean DNS requests for site names requested via WinGate proxies are done directly by the resolver...). Is this the case?
Mar 23 10 7:58 pm
Mar 23 10 8:58 pm
adrien wrote: I'm not sure that "symantec.com" will match against a URL in www.symantec.com. Also I'm not certain there weren't bugs in PureSight 2.x relating to whitelisted sites and removal of the Range header in HTTP requests. If any plugin says it needs the whole file, WinGate will suppress the Range header in requests, which is what download managers use for resume. You may need to add specifically www.symantec.com, and definitions.symantec.com separately. Otherwise you can use the rule for "URL contains" since that is then a pattern-matched test.
adrien wrote: As for hooking PureSight to the proxy, I'd suggest upgrading over an existing 2.x. You shouldn't need to re-activate, in any case it uses the same keys as 2.x.
adrien wrote: Could it be possible to gain access to your ISP's server somehow? Even via VPN, or a UDP mapping proxy or something from our server. Just so we can send some DNS requests to them and get the response that is causing the problem. We can map it via a different UDP port number... e.g. we use a server here that doesn't do DNS serving, set up a UDP mapping on say port 8053 through to your public IP. Then you forward that to your ISP's DNS server on port 53 (after checking it's from our IP). Then we can test against your ISP's DNS server across the net.
Mar 23 10 10:09 pm
I'm not sure that "symantec.com" will match against a URL in www.symantec.com.
Also I'm not certain there weren't bugs in PureSight 2.x relating to whitelisted sites and removal of the Range header in HTTP requests. If any plugin says it needs the whole file, WinGate will suppress the Range header in requests, which is what download managers use for resume. You may need to add specifically www.symantec.com, and definitions.symantec.com separately. Otherwise you can use the rule for "URL contains" since that is then a pattern-matched test.
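A way to observe the Range suppression described in the post above, as an added example that is not part of the original thread and not WinGate, KAV or PureSight code: `probe_resume` sends a ranged GET and reports whether the path answered with a partial response. The `Origin` server, its `/file` and `/stripped` paths and the payload are constructed for the demo; `/stripped` stands in for an intermediary that removed the Range header.

```python
import http.client
import http.server
import threading

PAYLOAD = bytes(range(256)) * 4  # constructed 1024-byte sample "file"

class Origin(http.server.BaseHTTPRequestHandler):
    """Constructed origin that honours single 'bytes=N-' ranges."""
    def do_GET(self):
        rng = self.headers.get("Range")
        if self.path == "/stripped":  # simulate an intermediary dropping Range
            rng = None
        if rng and rng.startswith("bytes="):
            start = int(rng[6:].split("-")[0])
            body = PAYLOAD[start:]
            self.send_response(206)
            self.send_header("Content-Range", f"bytes {start}-{len(PAYLOAD) - 1}/{len(PAYLOAD)}")
        else:
            body = PAYLOAD  # no Range seen: the whole file is sent again
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe_resume(host, port, path, offset=512):
    """Ask for the tail of a file; report whether resume works on this path."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={"Range": f"bytes={offset}-"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status == 206 and resp.getheader("Content-Range"):
        return "resume-ok", len(body)
    if resp.status == 200:
        return "range-ignored", len(body)  # a download manager restarts from 0
    return f"unexpected-{resp.status}", len(body)

def demo():
    """Run the probe against the constructed origin on a free loopback port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), Origin)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    results = (probe_resume("127.0.0.1", port, "/file"),
               probe_resume("127.0.0.1", port, "/stripped"))
    srv.shutdown()
    srv.server_close()
    return results
```

For a plain HTTP proxy, the same probe can be pointed at the proxy's host and port with an absolute `http://` URL as `path`, then compared with the result over the direct (NAT) route to the same URL.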
Mar 24 10 8:22 pm
adrien wrote: As for hooking PureSight to the proxy, I'd suggest upgrading over an existing 2.x. You shouldn't need to re-activate, in any case it uses the same keys as 2.x.
Mar 25 10 9:30 pm
adrien wrote: Could it be possible to gain access to your ISP's server somehow? Even via VPN, or a UDP mapping proxy or something from our server. Just so we can send some DNS requests to them and get the response that is causing the problem. We can map it via a different UDP port number... e.g. we use a server here that doesn't do DNS serving, set up a UDP mapping on say port 8053 through to your public IP. Then you forward that to your ISP's DNS server on port 53 (after checking it's from our IP). Then we can test against your ISP's DNS server across the net.
Mar 27 10 3:03 pm
Mar 27 10 10:10 pm
adrien wrote: Do you need PureSight to use a proxy for updates?
Mar 29 10 11:02 pm
Alen wrote: Hey! An idea! I'll record PS DNS name / IP in the WinGate machine OS hosts file. This will provide PS with the direct connection. I'll let you know about results.
Mar 30 10 12:00 am
Mar 30 10 12:09 am
adrien wrote: The update server is up.puresight.com, you could try that. Failing that, try a packet capture and see if that shows anything.
adrien wrote: Haven't forgotten about the bandwidth control issue.
Mar 31 10 4:30 am
Alen wrote: BTW: The site name can be found in PS settings, on the page with AutoUpdate switch. I found it recently. I'll try with up.puresight.com in the hosts and report.
KAV plugin can update its database both via direct connection and via WinGate web proxy, whose settings it is able to automatically read from IE settings (so all you need is just to set up IE to use WinGate web proxy).
PureSight can update its database only via direct (or NATed) connection.