Switch to full style
Forum for support for the Kaspersky AntiVirus for WinGate plugin
Post a reply

.jar in Quarantine

Dec 17 03 9:48 pm

Hi all,

Just taking a clients machine to Wingate 5.2.0 & KAV 1.2 with new subsscription.

As is my habit to examine the quarantine with several items:

[Main]
UID=64
WGUser=rhmudgee2
Date Added=16:46:05 15/Dec/2003
State=0
Size=135365
Machine Name=backoffice
Machine IP=192.168.0.2
Context=http#//www.realtor.property.com.au/java/MrMappie.jar
Reason=Kaspersky AV for WinGate - Data stream (http://www.realtor.property.com.au/java/MrMappie.jar) is corrupted and has not been scanned
Source=WWWProxy


For some reason [corruption] KAV took exception to this file and seven others, no one complalined that the url was un workable but it I assume it shouldn't happen.

Cheers > Nev.

Re: .jar in Quarantine

Dec 18 03 7:59 am

It depends on the exact configuration in KAV. I am not 100% sure which set of circumstances will indicate to the antivirus engine that a download is corrupted, however.

You can go into the Advanced Override configuration and change it so the download will be either let through or discarded. (Discarded might be a good choice if it does not affect the operation of the site)

Another alternative is to add the URL or site to your trusted list.

Would it be possible for you to post the options you have configured for KAV to the forum ? Or email me the registry configuration so I can have a look at it, please ? It might simply be a configuration flag.

Nev wrote:Hi all,
Just taking a clients machine to Wingate 5.2.0 & KAV 1.2 with new subsscription.

Re: .jar in Quarantine

Dec 18 03 4:17 pm

Pascal wrote:It depends on the exact configuration in KAV. I am not 100% sure which set of circumstances will indicate to the antivirus engine that a download is corrupted, however.

You can go into the Advanced Override configuration and change it so the download will be either let through or discarded. (Discarded might be a good choice if it does not affect the operation of the site)

Another alternative is to add the URL or site to your trusted list.

Would it be possible for you to post the options you have configured for KAV to the forum ? Or email me the registry configuration so I can have a look at it, please ? It might simply be a configuration flag.

Nev wrote:Hi all,
Just taking a clients machine to Wingate 5.2.0 & KAV 1.2 with new subsscription.


Thanks Pascal, I probably won't be onsite again until 2004, will ask them how it affects usage [if noticed at all] and will take the chance to forward the registry!

At that time [2004] I'll upgrade to 5.2.2 also.

Cheers & season's to all!

Nev,
In sunny & warm OZ!

Re: .jar in Quarantine

Dec 28 03 11:44 pm

Hi Pascal and all @T qbik

Another quarantined .jar instance in my own network!

[Main]
UID=9
WGUser=ws2
Date Added=19:04:37 28/Dec/2003
State=0
Size=67481
Machine Name=ws2
Machine IP=192.168.0.6
Context=http#//www.dailyclassifieds.com.au/FreeGames/SuperBug/SuperBug.jar
Reason=Kaspersky AV for WinGate - Data stream (http://www.dailyclassifieds.com.au/Free ... perBug.jar) is corrupted and has not been scanned
Source=WWWProxy

Maybe the module should deal with this Java file as a thought.

May the season be all you want it to!

Nev.

Re: .jar in Quarantine

Dec 29 03 2:17 pm

Nev wrote:http://www.dailyclassifieds.com.au/FreeGames/SuperBug/SuperBug.jar
Maybe the module should deal with this Java file as a thought.


It's interesting that it's reported as corrupted. That is the response from the AV Engine. However, when I try it with their online virus checker (After having saved the .JAR file to my local machine) it reported everything was OK.

So, when was the last time you updated the AV definitions ? It is possible that there is a newer SDK available than the one we have, I'll check that as well. (Although the virus definition update does allow for newer scanning methods / unarchivers, etc. to be added as well)

If you save the file to your local machine (I used wget, but should be possible if you right-click and say "Save Target As") and then scan it from GateKeeper, do you get the same response ?

Re: .jar in Quarantine

Dec 30 03 1:33 am

-Test
Last edited by Nev on Jan 13 04 9:15 pm, edited 1 time in total.

Re: .jar in Quarantine

Dec 30 03 1:35 am

Pascal wrote:
Nev wrote:http://www.dailyclassifieds.com.au/FreeGames/SuperBug/SuperBug.jar
Maybe the module should deal with this Java file as a thought.

It's interesting that it's reported as corrupted. That is the response from the AV Engine. However, when I try it with their online virus checker (After having saved the .JAR file to my local machine) it reported everything was OK.


G'day Pascal, yes same here, can't save the file though qarantine shows it to be there and scanning it is AOK [the quarantined file that is].

Pascal wrote:So, when was the last time you updated the AV definitions ? It is possible that there is a newer SDK available than the one we have, I'll check that as well. (Although the virus definition update does allow for newer scanning methods / unarchivers, etc. to be added as well)


AV defs twice daily. Most Kaspersky A/v products will report various files as corrupted at times, although this one is not doing just that at present, only when in a download stream!

Pascal wrote:If you save the file to your local machine (I used wget, but should be possible if you right-click and say "Save Target As") and then scan it from GateKeeper, do you get the same response ?


Have seen this on WinME & Win2k's using Wingate 5.2.0 & 5.2.2 / KAV 1.2.

Thanks...

Nev.

Re: .jar in Quarantine

Dec 30 03 1:36 am

Nev wrote:http://www.dailyclassifieds.com.au/FreeGames/SuperBug/SuperBug.jar
Maybe the module should deal with this Java file as a thought.

Pascal wrote:It's interesting that it's reported as corrupted. That is the response from the AV Engine. However, when I try it with their online virus checker (After having saved the .JAR file to my local machine) it reported everything was OK.


G'day Pascal, yes same here, can't save the file though qarantine shows it to be there and scanning it is AOK [the quarantined file that is].

Pascal wrote:So, when was the last time you updated the AV definitions ? It is possible that there is a newer SDK available than the one we have, I'll check that as well. (Although the virus definition update does allow for newer scanning methods / unarchivers, etc. to be added as well)


AV defs twice daily. Most Kaspersky A/v products will report various files as corrupted at times, although this one is not doing just that at present, only when in a download stream!

Pascal wrote:If you save the file to your local machine (I used wget, but should be possible if you right-click and say "Save Target As") and then scan it from GateKeeper, do you get the same response ?


Have seen this on WinME & Win2k's using Wingate 5.2.0 & 5.2.2 / KAV 1.2.

Thanks...

Nev.

Re: .jar in Quarantine

Dec 30 03 1:37 am

Nev wrote:http://www.dailyclassifieds.com.au/FreeGames/SuperBug/SuperBug.jar
Maybe the module should deal with this Java file as a thought.


Pascal wrote:It's interesting that it's reported as corrupted. That is the response from the AV Engine. However, when I try it with their online virus checker (After having saved the .JAR file to my local machine) it reported everything was OK.


G'day Pascal, yes same here, can't save the file though quarantine shows it to be there and scanning it is AOK [the quarantined file that is].

Pascal wrote:So, when was the last time you updated the AV definitions ? It is possible that there is a newer SDK available than the one we have, I'll check that as well. (Although the virus definition update does allow for newer scanning methods / unarchivers, etc. to be added as well)


AV defs twice daily. Most Kaspersky A/v products will report various files as corrupted at times, although this one is not doing just that at present, only when in a download stream!

Pascal wrote:If you save the file to your local machine (I used wget, but should be possible if you right-click and say "Save Target As") and then scan it from GateKeeper, do you get the same response ?


Have seen this on WinME & Win2k's using Wingate 5.2.0 & 5.2.2 / KAV 1.2.

Thanks...

Nev.
Post a reply