Infected and malware

[cn1234]

One of my machines has been infected by malware. I have Kaspersky AntiVirus for WinGate (3.0.4) running on the GateKeeper server. The settings appear to be correct and the virus definitions are updated twice a day. Does Kaspersky AntiVirus for WinGate scan for malware when viewing websites? Nothing has appeared on the system messages/quarantine tab. I have another virus scanner on the PC and this has picked up the malware!! It's hard to tell where this infected has come from (usb stick/cd etc or internet) but I want to check if this program does scan for malware or just viruses? Is there something wrong or is there a test I can do to make sure Kaspersky AntiVirus for WinGate picks up malware?

[adrien]

Hi

if the client browser are going through the web proxy, and Kaspersky AV is enabled on that proxy and no rules are preventing scanning of the site or content type, then Kaspersky AV for WinGate will be scanning it. But typically things like https traffic are not scanned (needs https inspection for that).

So there are some scenarios where content wouldn't be scanned.

Also it's always possible that the exploit is new or Kaspersky Labs haven't released a signature update for it yet. It's always an arms-race between AV authors and malware authors.

But I think Kaspersky Labs idea of what constitutes a thread incorporates what you'd call malware as well as viruses.

To test if Kaspersky AV for WinGate is in the chain, normally we suggest going to www.eicar.org and downloading one of the eicar test files.

Regards

Adrien de Croy

[cn1234]

Adrien,

Many thanks for the reply.