Kaspersky oddity

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

Kaspersky oddity

Postby tb » Sep 15 04 7:05 am

Hi

I'm trialling Wingate but have a problem with Kaspersky.

Every time I download an executable, I end up with a shortcut in the destination directory that looks like this (xxx's replace part of code) and I've bracketed the tags as I'm note sure what this BB might do to them:

(P)Kaspersky AV for WinGate(P)Data stream (B)(http://dl.element5.com/d/xxxxxxxxxxxxxx ... seplus.exe)(/B) has NOT been scanned

and no file. Obviously if I tell the plugin to skip this site it works but that's not the idea...

Tony
tb
 
Posts: 24
Joined: Sep 15 04 5:21 am
Location: Sussex, UK

Postby Pascal » Sep 15 04 1:34 pm

If you download this file (Outside of WinGate) and then scan it manually, what response do you get from the scanner? (You can scan a local file, using the plugin on the WinGate machine)

That response is given when we get a KAV_NON_SCANNED return code from the AntiVirus Engine. Unfortunately, there is not much more information about that code, except that it happens (more often) when a file is compressed / somehow undecipherable by the engine. (Hence, the test above).

Which options do you have enabled on the main page?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby tb » Sep 15 04 10:12 pm

Pascal wrote:If you download this file (Outside of WinGate) and then scan it manually, what response do you get from the scanner? (You can scan a local file, using the plugin on the WinGate machine)

That response is given when we get a KAV_NON_SCANNED return code from the AntiVirus Engine. Unfortunately, there is not much more information about that code, except that it happens (more often) when a file is compressed / somehow undecipherable by the engine. (Hence, the test above).

Which options do you have enabled on the main page?


It just says 'Not Scanned' - nothing else at all.

What I wanted to know was - what happened to the the file that was downloaded originally from the site. No sign of it anywhere - just the shortcut I referred to.

I set up an EICAR test file and tried that manually. It detected it okay but failed to do anything to it - I was assuming it would put it in the Quarantine folder as that's how it's set up. In fact, having disabled all other AV software yesterday, I expected to see a pile in Quarantine - but nothing. Usually I get 20 - 200 virii overnight across 16 mail accounts (I manage a lot of web sites) but there's no sign of anything this morning. Is there a log somewhere of AV activity?

Also, does the trial Plug-in Auto Update - it doesn't appear to AFAICT.

Enabled options? If by 'main page' you mean the options from dbl-click the Kapersky listing in the plug in window - all options are checked and Custom is enabled to put everything in Quarantine.

Thanks for your help.

TB
tb
 
Posts: 24
Joined: Sep 15 04 5:21 am
Location: Sussex, UK

Postby Pascal » Sep 16 04 12:35 am

There's not a log of AV activity, but there should be a list of items quarantined. Also double check the settings for Custom.

Check also what the quarantine purge properties are (You'll find this all in GateKeeper). It's possible that, if you've had so many items in there, that it might have been purged since.

Plugin has an auto-update feature. Use the Scheduler in GateKeeper and add an event for it.

The page I was talking about was the one that lists the AV options (Check Packed files, etc. I can't remember the exact title, but will check it tomorrow when I'm in the office)
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 17 guests

cron