KAV is not detecting virus thru http proxy

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

KAV is not detecting virus thru http proxy

Postby saubrey » Aug 16 05 7:02 pm

I'm not sure what's wrong. I had to re-install WG and KAV due to a hard disk crash, and after re-install (WG 6.04, KAV 1.2.2) when I test using the eicar virus, WG & KAV do not detect it as a virus. Instead my browser just gets a DNS error. KAV shows that it is properly licensed. The WG HTTP proxy has KAV plug-in turned on. Gatekeeper shows an http connection with a GET request to the eicar virus. (http://www.eicar.org/download/eicar.com.txt) Any ideas what is wrong with WG and KAV?

Thanks, Steve
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Postby saubrey » Aug 17 05 5:37 pm

If I turn off the KAV plug-in for the HTTP proxy, then the eciar virus file is correctly sent to the browser and my AV program running on the client computer detects it. With the KAV plug-in on in the HTTP proxy, then my browser displays a DNS error message (as if it timed out waiting to receive the file), and Gatekeeper doesn't show that eciar was quarantined. Something about KAV and WG isn't right. What should I do to try and fix this?
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Postby jamesc » Aug 17 05 11:07 pm

How do you connect to the WinGate server? Proxy / NAT / WinGate Internet Client / Interncepts (Transparent Proxy)
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby saubrey » Aug 18 05 10:54 am

By browser is configure to use a proxy. The GateKeeper activity window shows an HTTP GET request to the eciar file, and for 30 seconds or so, my browser waits to receive the file, but after about 30 seconds the HTTP GET request is removed from the Gatekeeper activity window and the browser times out and shows a DNS error message. The fact that the browser doesn't recieve the eciar file indicates that WG & KAV are blocking it, but the fact that it takes WG & KAV 30 seconds to determine what to do seems wrong and the fact that the Quarantine window doesn't show that eciar was quarantined also seems wrong.
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Postby jamesc » Aug 19 05 6:30 pm

After liaising with one of our developers, this is the steps you should take to troubleshoot / resolve this.

First suggestion:
Clear Clients Internet Explorers Cache
Purge WinGate cache (GateKeeper) Caching --> What to purge --> Purge Now button
Then retest.

Second suggestion:
Stop the WinGate engine.
Navigate to: C:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Bases
Select everything, and delete.
Navigate to: C:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads
Select everything, and delete.
Start the WinGate engine
Run the update. (Windows) Start menu --> Programs --> WinGate --> Plugins --> Kaspersky AntiVirus --> Kaspersky AntiVirus Updater
Then retest

Third suggestion:
Disable your personal AntiVirus scanner.
Download test file to your desktop
Do a manual scan on the file

Image


Please let us know how you get on with this issue.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby jamesc » Aug 19 05 6:45 pm

If you are still having issues with this, please submit a support ticket and include your WinGate registry and a reference to this forum post.

Submit support ticket: http://support.qbik.com/index.php?_a=tickets&_m=submit
Export registry: (Windows) Start Menu --> Programs --> WinGate --> Advanced Options --> Registry --> Export Settings button
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby saubrey » Aug 20 05 5:34 pm

I found and fixed my problem. It was not a WinGate/KAV problem. It was mine. When I was restoring Wingate after my hard drive crash I restored by using a Wingate Registry file that I had saved prior to the hard drive crash. The problem is that when I re-installed WG, I installed it into a different drive:sub-dir. The WG registry file that I imported had the old drive:sub-dir. The old drive:sub-dirs caused this problem. After I found and fixed all the drive:sub-dirs, WG/KAV correctly identified and quarantined the eciar virus.

Sorry to have bothered you.

-- Steve
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Postby jamesc » Aug 23 05 3:01 pm

The main thing is you are up running!
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand


Return to Kaspersky AntiVirus for WinGate

Who is online

Users browsing this forum: No registered users and 22 guests

cron