Wingate block emails expecially containing zip files

[MastaCico]

hi,
i have this strange issue,
Not always when receiving emails with zip files or simple text wingate send to the client this advise :

WinGate DataScanning has blocked the following message:

Message: 0000000017
From: "name, name \(GE Energy, Non GE\)"
<name.name@np.ge.com>
To: "name.name \(GE Energy, Non GE\)"
<name.name@np.ge.com>
Subject: I: RICHIESTA DOCUMENTAZIONE
Size: 1439428 bytes
Reason: PureSight for WinGate has determined that the requested resource
() is at least 91 % likely to contain prohibited content. The content has been blocked because it is of a sexual nature. If you have any queries with regards to this, please contact your system administrator.

Please contact the Administrator ( ) to release this email.



This email doesn't absolutly contain notting of sexual nature, but it is blocled.
I tryed to send and receive zip files and it works sometime,
i also tryed to write an email containg the words : sex, anal etc... but it doesn't block it, i'm wondering why this happen.

Please help me ASAP 'cause tomorrow i'll be to my costumer to fix this problem, i don't wnat to disable puresight from emal.

Thanx

[MastaCico]

Anyone with the same problem?
please help me.

[labull]

PureSight is not intended for use with email. That said, what sort of email program/service are you using?

[adrien]

Hi

there was a problem with the earlier version of PureSight in that it allowed you to bind it to mail.

however, the puresight scanning engine is designed only for use with HTML content. We fixed this problem with the new versions of WinGate and PureSight, so that it won't bind to mail.

Sorry for the confusion. There were some initial tests using PureSight on mail, but they never in our testing produced reliable results (as you are now seeing).

Regards

Adrien

[MastaCico]

Thanks, but i'm sure i downloaded the latest versions of both, can you tell me wich are the news versions and where can i disable puresight form scanning emails?

Thanks a lot

[MastaCico]

Just checked the versions online and there are newest ones dated 1-nov, shall I use those? any kind of problem with upgrade? i mean do i need to perform an uninstall or it will do all by itself?

Thanks

[labull]

Upgrade should work fine.

You won't have the PureSight option for SMTP in this version.

[MastaCico]

notice that i haven't configured the email service yet, it is scanning mail throught the simple nat proxy smtp and pop are still the provider's smtp and pop

[MastaCico]

Hi

there was a problem with the earlier version of PureSight in that it allowed you to bind it to mail.

however, the puresight scanning engine is designed only for use with HTML content. We fixed this problem with the new versions of WinGate and PureSight, so that it won't bind to mail.

Sorry for the confusion. There were some initial tests using PureSight on mail, but they never in our testing produced reliable results (as you are now seeing).

Regards

Adrien

Today I did as you said.
I upgraded all to the latest versions but....
but everithing works good execpt for one problem, puresight doen't scan througt NAT, only if WGIC is installed and enabled.
Internet connection works in both method but via nat no scanning or restriction are applyed, no history is logged via nat.

I noticed after installation that trasparent proxy were disabled so i selected the option and restarted the server but nottig changed.

What should i do to fix this problem? clean istallation? there are problem with activation?

throught WGIC puresight works efficently

[MastaCico]

Same thing happen on new machines and clean installation, everithing works, but puresight doen't scan trought ENS, I tryed many potions but the only way to make puresight working is only to use WGIC which is not bad but i liket do do the same via NAT, i don't have to install the client on every machine.

[labull]

PureSight will only work with NAT if you enable Transparent Proxy in the WWW Proxy. Enabling Transparent Proxy in the WWW Proxy will intercept NAT traffic and route it through the proxy to give you benefit of PureSight and the ease of NAT.

WWW Proxy - Sessions - Check Transparent Proxy - Check Port 80.

[MastaCico]

Yes, i know.
Even if the trasparent redirection is selected no scanning is done.
With the clean install on a new machine, when installing puresight 2 it is selected by default, but in the other machine with the old version of WG i had to select it manually.
i tryed all but notting seems to get puresight or don't know maybe wingate catch connections from nat.
in the client machine gataway is the wg machine, the same for dns, there is no way for the machine to connect without passing throught WG.

The old version worked perfectly in nat funcion, but not the same for this one.
I need a help 'cause i want to use nat instead of WGIC

[MastaCico]

Upgrade should work fine.

You won't have the PureSight option for SMTP in this version.

I didn't have an option in smtp or pop, that's the strange,
the only thing i changed from the defaul config was the dhcp settings to disable and the dns to disable, that's it.
everithing was working fine except for some incoming mails blocked and gone in quarantine for sexual content.

[adrien]

Hi

If NAT is working for you (just not intercepting), then the interception can't be set up properly - we haven't had any issues with this before.

There are 2 parts to enabling interception.

1. enable connection interception in the proxy
2. Add the port number(s) you want to intercept.

Did you add the port number(s) as well?

Also, you shouldn't need to restart when you do this, it should pick up the changes straight away.

Regards

Adrien

[adrien]

There is one other thing you may need to do to get PureSight scanning your web traffic

Go into the WWW Proxy, and make sure in the plugins tab, that PureSight is showing in there, and is selected to be used. You may need to click the refresh button if you don't see it in there.

Adrien

[MastaCico]

hi,
yes it is all selected, the port is 80 no need other ports i think.

I tried to install and no change to the installation default, same thing happend, just wondering why, if i disable ens, the client cant' see the internet so i'm sure the client is properly configured, but no interception.
i'll make some tests again this afternoon but really i can't understand what's happening.

i'll post you some pics with the configuration that i use

[MastaCico]

here are the screenshot for some config :

http://www.akinformatica.it/wg/1.jpg
http://www.akinformatica.it/wg/2.jpg
http://www.akinformatica.it/wg/3.jpg


Remember that i didn't change anything from the server in which i upgraded wingate, simply installed the newest versions


Thanks for the help

[MastaCico]

http://www.akinformatica.it/wg/4.jpg

in the history it catchs only the windows update connections anda the dns requests but not the site required, maybe it use other ports to connect other than 80?

[MastaCico]

if i select proxy in internet explorer and enter the ip of the WG machine on port 80 it works , so why without entering it it doen't works?

[MastaCico]

I did some tests now.
I installed the old version of wingate without plugins and TR works fine.
installed PS and selected only wwwproxy, and it works fine now.
everithing works fine via nat, history, PS ecc.

next step is to deinstall this version and install the new one without PS.
i enabled TS on port 80.
notting, only dns lookups are logged, no site are showing.
only if selecting proxy manually in IE can made WG catch sites.

I don't know how this can happend but it's not a mine configuration fault, there's probably something wrong in the new version.

i'll use againg the old one deselecting PS form pop and smtp.

If you know anything new please let me know.

Thanks

Cico

[adrien]

Hi

I see that "automatic proxy configuration" is enabled, since there are requests for WPAD.PAC in the history.

that means that the web browsers may be being configured to use a proxy by this method, rather than making direct NAT connections.

If you disable automatic proxy detection in the browser, does this help?

Adrien

[MastaCico]

nope, it doesn't help at all.
I enable it for test but no change .
can you suggest me a test for checking if the client may use anothere port different from 80?
but i thing it's not possible i didn't change notting, the client machine was just formatted.
When you have some free time why don't you try to do my same test, just install and configure ongly trasparent redirection and tell me if the problem happend to you too.


Thanks

Cico

[adrien]

Hi

We use transparent proxy all the time as do most of our customers, so we are very confident it works.

It is based on a couple of things.

1. That the port number your client computer is connecting to is port 80 (or whatever ports you entered into the transparent proxy setup).
2. That the client is using WinGate for NAT connections (i.e. default gateway set to the Wingate machine's IP).

Can you make sure that in the Extended Networking properties, under Port Security, LAN connections to the Internet section, that there is an entry for port 80, and that it is a redirection to 0.0.0.0?

Regards

Adrien

[adrien]

PS, if you have remote desktop available on that machine or Terminal services, one of our tech support staff can log into your system if you like to debug it for you.

Send an email to support@wingate.com if you are keen to do this.

Adrien

[MastaCico]

Ok i sent an email to the support linking this topic.
I sent the instruction for connecting to my pcs, not my costumer's but i have the same problems, i hope they could understand what's wrong.
I checked under ENS and it's all as you suggest.

Thanks

Cico

[ImmediateAction]

Small observation: Can you confirm that the LAN clients default gateway is pointing to WinGate, and not a router?

*Edit, Just saw your other forum post "When using NAT, users show up as guests"

[MastaCico]

obviously is pointed to the WG machine.
If I deselect nat in ENS the client doesn't connect so i'm quite sure that WG works on nat but there's something that i can't understand i doesn't log history or show users in activity window, only the dns request are logged.

[MastaCico]

I saw that someone of the support team connected to my pc, so what was wrong with my config?

Thanks

[adrien]

That was one of our late-shift tech support people, who only arrives in in the afternoon. I'll discuss your system with him then.

Regards

Adrien

[MastaCico]

Ok thanks, let me know.