Kaspersky big fail

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

Postby bztips » Feb 08 13 5:27 am

This problem has existed forever:
We are unable to download large files -- download will run for a while, then fail way before completion.
When I say large, I mean files of about 100 MB or larger.

This is despite
-- whitelisting the site (the problem is not particular to any specific site)
-- adjusting the Settings to supposedly have Kaspersky "Skip Big Files"

If we disable Kaspersky entirely, large files can be downloaded without a problem.

Honestly, I don't understand how such simple screening functions as whitelisting or filesize testing can be screwed up in the software, but they apparently are.

/Bill
bztips
 
Posts: 53
Joined: Nov 19 03 6:48 am

Re: Kaspersky big fail

Postby adrien » Feb 13 13 10:02 pm

Hi Bill

sorry I only just saw this post.

It's probably best if we take a look remotely at your system. We don't generally have this problem, but there are ways to get the config wrong.

If you'd like to give that a shot, send an email to support@wingate.com, and we can proceed with teamviewer or similar.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5232
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Kaspersky big fail

Postby kdetombe » Mar 14 13 12:13 am

hi,
can you please let the forum know if the problem is solved? was indeed the config wrong?

we are having a similar problem, that is, the only way kav seems to work is to completely disable it.

try letting a wingate client listen to a radio station by itunes or even in a browser, and you get annoying rebuffering,
now disable www-scanning in kav, and clients can listen to radio free of distortion.
now enable www-scanning again, and try everything to edit kav-options to not scan radio-sites:
however the sites-not-to-scan no longer appear in logging, the rebuffering stays and suggests kav is fooling us.
kdetombe
 
Posts: 3
Joined: Jan 09 13 12:06 am

Re: Kaspersky big fail

Postby adrien » Mar 14 13 12:25 am

Hi

we still don't see this problem, and we use the product ourselves in this manner.

It's common that the URL for accessing the actual media is quite different to the site you access it from, so you may need to look through log files to figure out which site(s) to whitelist for scanning.

We haven't seen any problems with whitelisting.

So if you're still having this problem, we can take a look at your system remotely.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5232
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Kaspersky big fail

Postby kdetombe » Mar 15 13 12:41 am

hi,

would you be so kind to help our client with a simple test then.
our client wants to listen to fip-radio, either via a browser (www.fipradio.fr) or via itunes (itunes > radio > jazz > fip).
to keep things simple, we added entries to the existing administrators whitelist:
*.fipradio.fr
*.tv-radio.com
*.pri.kts-af.net
*.itunes.apple.com

the entry http://pri.kts-af.net/xml/xml.index keeps being scanned by kav, for example.

could you let us know what it takes you to whitelist just this radio station either way so we can go from there?

regards
kdetombe
 
Posts: 3
Joined: Jan 09 13 12:06 am

Re: Kaspersky big fail

Postby adrien » Mar 15 13 10:14 am

Hi

we can have a look remotely if you like.

One thing though,

testing for a match between *.pri.kts-af.net and pri.kts-af.net will not match, since there is no . on the front of pri.kts-af.net and the global data list uses a straight string match (doesn't know about domains / sub-domains etc).

you'd need to enter a match of pri.kts-af.net as well.

Also you'll need to check the web usage logs for what is being requested, since media is commonly served from a different server.

You may also be able to whitelist by content type, e.g. avoid scanning audio/* image/* etc.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5232
Joined: Sep 03 03 2:54 pm
Location: Auckland
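
The matching behaviour described in the reply above, as an added example that is not part of the thread and is not WinGate's code: it compares a plain wildcard string match (modelled here with Python's `fnmatch`, which is an assumption about how the data list behaves) with a domain-aware match, so an administrator can check which logged hosts an exclusion list really covers. The function names and every sample host other than `pri.kts-af.net` are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Whitelist entries exactly as posted in the thread.
ENTRIES = ["*.fipradio.fr", "*.tv-radio.com", "*.pri.kts-af.net", "*.itunes.apple.com"]

def host_of(url):
    """Lower-cased host part of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def string_match(host, entries):
    """Plain wildcard string match with no knowledge of DNS labels.
    fnmatch stands in for the product's matcher (assumption)."""
    return any(fnmatchcase(host, e.lower()) for e in entries)

def domain_match(host, entries):
    """Domain-aware match: '*.example.net' covers example.net itself and
    any subdomain, but only on a label boundary."""
    for e in entries:
        e = e.lower()
        base = e[2:] if e.startswith("*.") else e
        if host == base or host.endswith("." + base):
            return True
    return False

def audit(urls, entries):
    """Map each URL to (host, skipped by string match, skipped by domain match)."""
    return {u: (host_of(u), string_match(host_of(u), entries),
                domain_match(host_of(u), entries)) for u in urls}

# First URL is from the thread; the other hosts are constructed for illustration.
URLS = [
    "http://pri.kts-af.net/xml/xml.index",
    "http://stream.pri.kts-af.net/live",
    "http://xpri.kts-af.net/live",
]

if __name__ == "__main__":
    for label, entries in (("as posted", ENTRIES),
                           ("with bare host added", ENTRIES + ["pri.kts-af.net"])):
        print(label)
        for url, (host, s, d) in audit(URLS, entries).items():
            print(f"  {host:24} string-match skip={s!s:5} domain-aware skip={d}")
```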

Re: Kaspersky big fail

Postby kdetombe » Mar 20 13 12:51 am

hi,

we took some time to explore the kav-plugin 7.2.9 in wingate 7.3.0.
(you were right about the typo).

using debug mode on the kav logs in addition to routerlogs, we were able to go your route, and filter out everything to enable listening to say, 5 stations in itunes.
for some stations we had to allow a rather broad ip-range free tickets, which feels uncomfortable.

moreover, since the kav-plugin in wingate 7 no longer can scan its own host, and plain file traffic is also not scanned/filtered by the wingate ftp-proxy, we think we now need advice to go fill some gaps.

how do you scan wingate's ftp traffic leaving our wingate server every night at 02.00 hrs?
do you run additional tools like mse and/or emet? or kav's endpoint security?

regards
kdetombe
 
Posts: 3
Joined: Jan 09 13 12:06 am

