Plugin for Kaspersky is enabled in both SMTP and POP3.
Kaspersky is set to log:
Request Blocked
Configuration changes
Antivirus database updates
This is what the last 3 weeks of log files in I:\Program Files\WinGate\Logs\Kaspersky AV for WinGate show:
12/27/08 11:01:00 0.0.0.0 <system> 0000000804 Debug: Obtaining lock in Refresh
12/27/08 11:01:29 0.0.0.0 <system> 0000001880 InitialiseQbik
12/27/08 11:01:29 0.0.0.0 <system> 0000001880 HasCapability
12/27/08 11:01:29 0.0.0.0 <system> 0000001880 Debug: Obtaining lock in Refresh
12/27/08 11:01:29 0.0.0.0 <system> 0000001880 Debug: Releasing lock in Refresh
12/27/08 11:01:29 0.0.0.0 <system> 0000000804 Debug: Releasing lock in Refresh
12/27/08 11:02:14 0.0.0.0 <system> 0000001880 InitialiseQbik
12/27/08 11:02:14 0.0.0.0 <system> 0000001880 HasCapability
12/27/08 11:02:14 0.0.0.0 <system> 0000001880 Debug: Obtaining lock in Refresh
12/27/08 11:02:14 0.0.0.0 <system> 0000001880 Debug: Releasing lock in Refresh
----------------------
Turned on logging for "Request Allowed" and forced a manual update as a test:
12/28/08 01:23:22 0.0.0.0 <system> 0000000180 Configuration has changed
12/28/08 01:24:15 10.0.0.152 guest 0000000664 Kaspersky AntiVirus 2.0 for WinGate has allowed http://images.geqnamok.cn/snow.gif for guest because it is clean
12/28/08 01:24:17 10.0.0.152 guest 0000001820 Kaspersky AntiVirus 2.0 for WinGate has allowed http://images.geqnamok.cn/new.jpg for guest because it is clean
12/28/08 01:24:42 10.0.0.152 guest 0000000664 Kaspersky AntiVirus 2.0 for WinGate has allowed for guest because it is clean
12/28/08 01:25:00 10.0.0.154 guest 0000002216 Kaspersky AntiVirus 2.0 for WinGate has allowed for guest because it is clean
12/28/08 01:25:02 10.0.0.154 guest 0000002216 Kaspersky AntiVirus 2.0 for WinGate has allowed for guest because it is clean
12/28/08 01:28:17 0.0.0.0 <system> 0000000820 Configuration has changed
12/28/08 01:28:20 0.0.0.0 <system> 0000002276 Starting update
12/28/08 01:28:20 0.0.0.0 <system> 0000002216 Starting update : ftp://downloads-us1.kaspersky-labs.com/updates_ext
12/28/08 01:28:20 0.0.0.0 <system> 0000002216 Connecting to server : downloads-us1.kaspersky-labs.com [Busy]
12/28/08 01:28:21 0.0.0.0 <system> 0000002216 Connecting to server : downloads-us1.kaspersky-labs.com [Done]
12/28/08 01:28:21 0.0.0.0 <system> 0000002216 Selecting files : /updates_ext/ [Busy]
12/28/08 01:28:34 0.0.0.0 <system> 0000002216 Selecting files : /updates_ext/ [Done]
12/28/08 01:28:34 0.0.0.0 <system> 0000002216 Downloading file [Busy]
12/28/08 01:28:36 0.0.0.0 <system> 0000002216 Downloading file : fa001.avc [Done]
12/28/08 01:28:38 0.0.0.0 <system> 0000002216 Downloading file : base504c.avc [Done]
12/28/08 01:28:39 0.0.0.0 <system> 0000002216 Downloading file : base505c.avc [Done]
12/28/08 01:28:40 0.0.0.0 <system> 0000002216 Downloading file : dailyc.avc [Done]
12/28/08 01:28:41 0.0.0.0 <system> 0000002216 Downloading file : ext071c.avc [Done]
12/28/08 01:28:42 0.0.0.0 <system> 0000002216 Downloading file : daily-ec.avc [Done]
12/28/08 01:28:43 0.0.0.0 <system> 0000002216 Downloading file : avp.set [Done]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Downloading file : avp.klb [Done]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Downloading file [Done]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\fa001.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\base504c.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\base505c.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\dailyc.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\ext071c.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\daily-ec.avc [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\avp.set [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\avp.klb [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Installing file [Done]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Disconnecting from server : downloads-us1.kaspersky-labs.com [Busy]
12/28/08 01:28:45 0.0.0.0 <system> 0000002216 Disconnecting from server : downloads-us1.kaspersky-labs.com [Done]
12/28/08 01:28:45 0.0.0.0 <system> 0000002276 Starting update
12/28/08 01:28:45 0.0.0.0 <system> 0000001708 Starting update : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\
12/28/08 01:28:45 0.0.0.0 <system> 0000001708 Selecting files : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\ [Busy]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Selecting files : I:\Program Files\WinGate\Plugins\Kaspersky AntiVirus\Downloads\ [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file [Busy]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : fa001.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base318c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base320c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base364c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base365c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base366c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base504c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : base505c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : dailyc.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : ext004c.avc [Done]
12/28/08 01:29:00 0.0.0.0 <system> 0000001708 Downloading file : ext071c.avc [Done]
12/28/08 01:29:01 0.0.0.0 <system> 0000001708 Downloading file : daily-ec.avc [Done]
12/28/08 01:29:01 0.0.0.0 <system> 0000001708 Downloading file : avp.set [Done]
12/28/08 01:29:01 0.0.0.0 <system> 0000001708 Downloading file : avp.klb [Done]
12/28/08 01:29:01 0.0.0.0 <system> 0000001708 Downloading file [Done]
12/28/08 01:29:01 0.0.0.0 <system> 0000001708 Installing file [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\fa001.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base318c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base320c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base364c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base365c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base366c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base504c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\base505c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\dailyc.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\ext004c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\ext071c.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\daily-ec.avc [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\avp.set [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file : Plugins\Kaspersky AntiVirus\Bases\avp.klb [Busy]
12/28/08 01:29:07 0.0.0.0 <system> 0000001708 Installing file [Done]
12/28/08 01:29:07 0.0.0.0 <system> 0000002276 Debug: Obtaining lock in Refresh
12/28/08 01:29:36 0.0.0.0 <system> 0000001880 InitialiseQbik
12/28/08 01:29:36 0.0.0.0 <system> 0000001880 HasCapability
12/28/08 01:29:36 0.0.0.0 <system> 0000001880 Debug: Obtaining lock in Refresh
12/28/08 01:29:36 0.0.0.0 <system> 0000001880 Debug: Releasing lock in Refresh
12/28/08 01:29:36 0.0.0.0 <system> 0000002276 Debug: Releasing lock in Refresh
12/28/08 01:29:36 0.0.0.0 <system> 0000002276 Completing update
12/28/08 01:30:21 0.0.0.0 <system> 0000001880 InitialiseQbik
12/28/08 01:30:21 0.0.0.0 <system> 0000001880 HasCapability
12/28/08 01:30:21 0.0.0.0 <system> 0000001880 Debug: Obtaining lock in Refresh
12/28/08 01:30:21 0.0.0.0 <system> 0000001880 Debug: Releasing lock in Refresh
12/28/08 01:37:50 0.0.0.0 <system> 0000000820 Configuration has changed
---------------------
We did see this, which indicates that some scanning is taking place for file downloads.
12/06/08 11:04:12 0.0.0.0 <system> 0000000116 Debug: Obtaining lock in Refresh
12/06/08 11:04:40 0.0.0.0 <system> 0000001692 InitialiseQbik
12/06/08 11:04:40 0.0.0.0 <system> 0000001692 HasCapability
12/06/08 11:04:40 0.0.0.0 <system> 0000001692 Debug: Obtaining lock in Refresh
12/06/08 11:04:40 0.0.0.0 <system> 0000001692 Debug: Releasing lock in Refresh
12/06/08 11:04:40 0.0.0.0 <system> 0000000116 Debug: Releasing lock in Refresh
12/06/08 11:05:23 0.0.0.0 <system> 0000001692 InitialiseQbik
12/06/08 11:05:23 0.0.0.0 <system> 0000001692 HasCapability
12/06/08 11:05:23 0.0.0.0 <system> 0000001692 Debug: Obtaining lock in Refresh
12/06/08 11:05:23 0.0.0.0 <system> 0000001692 Debug: Releasing lock in Refresh
12/06/08 13:48:32 10.0.0.155 guest 0000000888 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it could not be scanned
12/06/08 13:49:37 10.0.0.155 guest 0000000888 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it could not be scanned
12/06/08 13:51:34 0.0.0.0 <system> 0000001556 Configuration has changed
12/06/08 13:52:06 10.0.0.155 guest 0000000812 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it could not be scanned
12/06/08 13:55:17 0.0.0.0 <system> 0000001556 Configuration has changed
12/06/08 13:56:29 0.0.0.0 <system> 0000001556 Configuration has changed
12/06/08 14:09:58 0.0.0.0 <system> 0000001556 Configuration has changed
-------------------------------------------------
And this one too. Don't know what is being scanned here.
11/12/08 07:32:26 10.0.0.152 guest 0000001316 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it is infected with Worm.Win32.AutoRun.scj
11/12/08 11:00:50 0.0.0.0 <system> 0000002092 Debug: Obtaining lock in Refresh
11/12/08 11:01:17 0.0.0.0 <system> 0000001688 InitialiseQbik
11/12/08 11:01:17 0.0.0.0 <system> 0000001688 HasCapability
11/12/08 11:01:17 0.0.0.0 <system> 0000001688 Debug: Obtaining lock in Refresh
11/12/08 11:01:17 0.0.0.0 <system> 0000001688 Debug: Releasing lock in Refresh
11/12/08 11:01:17 0.0.0.0 <system> 0000002092 Debug: Releasing lock in Refresh
11/12/08 11:01:58 0.0.0.0 <system> 0000001688 InitialiseQbik
11/12/08 11:01:58 0.0.0.0 <system> 0000001688 HasCapability
11/12/08 11:01:58 0.0.0.0 <system> 0000001688 Debug: Obtaining lock in Refresh
11/12/08 11:01:58 0.0.0.0 <system> 0000001688 Debug: Releasing lock in Refresh
11/12/08 12:28:20 10.0.0.153 guest 0000001364 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it is infected with Worm.Win32.AutoRun.seh
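
Added example, not part of the original post: a small Python triage script for this log format that pulls out the allowed/quarantined verdicts and flags the entries where the plugin logged no object name, which is the case the post asks about. The sample lines are copied from the log excerpts above; the function names `parse_verdicts` and `triage` are illustrative, not part of WinGate or the Kaspersky plugin.

```python
import re
from collections import Counter

# Sample lines taken from the post above (wrapped URL rejoined onto its entry).
SAMPLE_LOG = """\
12/28/08 01:24:15 10.0.0.152 guest 0000000664 Kaspersky AntiVirus 2.0 for WinGate has allowed http://images.geqnamok.cn/snow.gif for guest because it is clean
12/28/08 01:24:42 10.0.0.152 guest 0000000664 Kaspersky AntiVirus 2.0 for WinGate has allowed for guest because it is clean
12/28/08 01:28:17 0.0.0.0 <system> 0000000820 Configuration has changed
12/06/08 13:48:32 10.0.0.155 guest 0000000888 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it could not be scanned
11/12/08 07:32:26 10.0.0.152 guest 0000001316 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it is infected with Worm.Win32.AutoRun.scj
11/12/08 12:28:20 10.0.0.153 guest 0000001364 Kaspersky AntiVirus 2.0 for WinGate has quarantined for guest because it is infected with Worm.Win32.AutoRun.seh
"""

# timestamp, client IP, user, 10-digit id column, free-text message
ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (\d+) (.*)$")
# The object name between the action and "for <user>" may be empty.
VERDICT = re.compile(r"has (allowed|quarantined)\s*(.*?)\s*for (\S+) because (.+)$")
INFECTED = "it is infected with "

def parse_verdicts(text):
    """Return one dict per scan verdict; system/debug lines are skipped."""
    events = []
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        verdict = VERDICT.search(entry.group(5)) if entry else None
        if not verdict:
            continue
        action, obj, user, reason = verdict.groups()
        events.append({
            "time": entry.group(1), "client": entry.group(2), "user": user,
            "action": action, "object": obj or None, "reason": reason,
            "threat": reason[len(INFECTED):] if reason.startswith(INFECTED) else None,
        })
    return events

def triage(events):
    """Group verdicts the way an admin would review them."""
    return {
        "by_action": Counter(e["action"] for e in events),
        # Verdicts with no URL or filename: cannot tell what was scanned.
        "unnamed": [e for e in events if e["object"] is None],
        "infected_clients": sorted({(e["client"], e["threat"]) for e in events if e["threat"]}),
        "unscannable": [e for e in events if e["reason"] == "it could not be scanned"],
    }

if __name__ == "__main__":
    for key, value in triage(parse_verdicts(SAMPLE_LOG)).items():
        print(key, value)
```

The `infected_clients` list gives the internal hosts worth checking locally, since the log alone does not name the quarantined object.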