0004227: block update antivirus - MantisBT
MantisBT - Endian Firewall
View Issue Details
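ID: 0004227
Project: Endian Firewall
Category: Proxy HTTP
View Status: public
Date Submitted: 2011-12-21 21:06
Last Update: 2012-04-30 15:39
Reporter: mario79
Assigned To: lorenzo-endian
Priority: normal
Severity: block
Reproducibility: always
Status: feedback
Resolution: reopened
Product Version: 2.4.1

Summary: 0004227: block update antivirus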
Good day to all.

Sorry for my English, I use translator tools. I have a problem with antivirus updates. I already checked the rules and they are fine.

It is not happening.

When I disable the proxy, everything goes well. Thanks for the attention.
192.168.11.2 TCP_DENIED/403 2672 POST http://check.sanasecurity.com/ - NONE/- text/html
192.168.11.8 TCP_DENIED/403 2672 GET http://192.168.11.200/wpad.dat - NONE/- text/html
192.168.11.132 TCP_DENIED/403 2652 GET http://wpad/wpad.dat - NONE/- text/html
192.168.11.110 TCP_DENIED/403 2710 GET http://evsecure-crl.verisign.com/EVSecure2006.crl - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infoavi.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infoavi.ctf - NONE/- text/html
Tags: No tags attached.
Attached Files:
proxy.png (186,429) 2012-04-18 23:17
https://bugs.endian.com/file_download.php?file_id=936&type=bug
log.png (142,284) 2012-04-18 23:18
https://bugs.endian.com/file_download.php?file_id=937&type=bug
contenfilter.png (178,736) 2012-04-18 23:19
https://bugs.endian.com/file_download.php?file_id=938&type=bug
resolucion.jpg (181,314) 2012-04-30 15:31
https://bugs.endian.com/file_download.php?file_id=940&type=bug

Issue History
Date Modified | Username | Field | Change
2011-12-21 21:06 | mario79 | New Issue |
2012-01-10 10:30 | lorenzo-endian | Note Added: 0007614 |
2012-01-10 10:30 | lorenzo-endian | Assigned To | => lorenzo-endian
2012-01-10 10:30 | lorenzo-endian | Status | new => feedback
2012-01-10 14:15 | mario79 | Note Added: 0007617 |
2012-04-02 10:27 | christian-endian | Note Added: 0007783 |
2012-04-02 10:27 | christian-endian | Status | feedback => closed
2012-04-02 10:27 | christian-endian | Resolution | open => fixed
2012-04-02 19:39 | mario79 | Note Added: 0007789 |
2012-04-02 19:39 | mario79 | Status | closed => feedback
2012-04-02 19:39 | mario79 | Resolution | fixed => reopened
2012-04-18 23:17 | mario79 | File Added: proxy.png |
2012-04-18 23:18 | mario79 | File Added: log.png |
2012-04-18 23:19 | mario79 | File Added: contenfilter.png |
2012-04-18 23:19 | mario79 | Note Added: 0007833 |
2012-04-30 15:31 | mario79 | File Added: resolucion.jpg |
2012-04-30 15:37 | mario79 | Note Added: 0007849 |
2012-04-30 15:39 | mario79 | Note Added: 0007850 |

Notes
(0007614)
lorenzo-endian   
2012-01-10 10:30   
===
Note: feedback requested in Italian for improving the bug report. Lo
===

Good morning mario79,

from your name I presume you are Italian :)

could you kindly explain in more detail what the problem is and how it shows up?

Many thanks in advance!

Lo
(0007617)
mario79   
2012-01-10 14:15   
Good day Lo.

Sure, I have an Endian firewall 2.4.1. When I update the antivirus (Kaspersky, AVG, NOD, Panda antivirus), the requests appear as denied in the Endian proxy logs; there is no rule that blocks those public addresses.

But if I apply a bypass for the IPs that need to update, they start downloading the update signatures without problems, but this way I cannot filter URLs.

I hope I have explained myself, and thanks in advance for the assistance.

mario79.
(0007783)
christian-endian   
2012-04-02 10:27   
You can whitelist these sites under Proxy->HTTP->Contentfilter.

For help please have a look here:
http://www.endian.com/us/community/get-help/
(0007789)
mario79   
2012-04-02 19:39   
25 192.168.1.50 TCP_DENIED/403 2950 GET http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif726 3KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECV RccvD8Qb29B4D63fPT%2Bk%3D - NONE/- text/html
Web prox..
2012-04-02 13:29:56
6 192.168.1.50 TCP_DENIED/403 2744 GET http://cs-g2-crl.thawte.com/ThawteCSG2.crl - NONE/- text/html
Web prox..
2012-04-02 13:29:59
23 192.168.1.50 TCP_DENIED/403 2738 POST http://tools.google.com/service/update2 - NONE/- text/html
Web prox..
2012-04-02 13:29:59
8 192.168.1.50 TCP_DENIED/403 3432 POST http://tools.google.com/service/update2?w=6:cSftlZH7HOeknePk lTsX2ChKDGLcVRHgTHObKuzNSeuiuk2TfInTkgXY5cKNmU8ZFuu1ebMQZXr- xvuxia-Y50zaoKLilSYiVUfw8llBO5pGR7iAyLnEOK2sK7YQxmztL6rq7I2x A-gUx6opJNRDvbWCajje1wyNaqtornwUkTr_cJ4NTt5zRk3fItfIS7rHQ7Ws Hl5AJtuzYh6ZE7eWLj9ULLPkRxKtUnUb5JoSmlz7vqX0LKVYBi1JJrTH9p2X u0y-wUo2Ae22Lw1d12A_k0nUAlIwN7SBwhX5djAQf2hoJ-DOfGlxcRVOaeBs hjL1E6j71Jzw1Mtmgxg8XDiscQ - NONE/- text/html
Web prox..
2012-04-02 13:30:03
65 192.168.1.50 TCP_DENIED/403 381 HEAD http://cache.pack.google.com/edgedl/chrome/install/1025.142/ chrome_installer.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:03
5 192.168.1.50 TCP_DENIED/403 2820 GET http://cache.pack.google.com/edgedl/chrome/install/1025.142/ chrome_installer.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:09
5 192.168.1.50 TCP_DENIED/403 381 HEAD http://cache.pack.google.com/edgedl/earth/client/GE6/release _6_2_1/GoogleEarth-Win-Bundle-6.2.1.6014.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:09
35 192.168.1.50 TCP_DENIED/403 2868 GET http://cache.pack.google.com/edgedl/earth/client/GE6/release _6_2_1/GoogleEarth-Win-Bundle-6.2.1.6014.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:15
5 192.168.1.50 TCP_DENIED/403 2738 POST http://tools.google.com/service/update2 - NONE/- text/html



I get this in the online monitor, and it does not let me download anything, and I added those addresses as blacklisted, similar to the antivirus update error; I really do not know how to solve this dilemma.

I already have version 2.5.1, and the online activity, such as kbps consumption for each network card and other things, also does not appear in the Dashboard.

Thanks in advance.
(0007833)
mario79   
2012-04-18 23:19   
I am trying to solve the problem of denial of antivirus update pages, as well as google-earth among others. As you know, the proxy is in transparent mode, with whitelisted addresses of the update servers of antivirus, google, etc., but I saw this and do not know if it is correct:

nano /etc/squid/squid.conf
http_proxy 0.0.0.0:3128
http_proxy 127.0.0.1:8080

Is this correct??

And I used this command, which gave me the following results:

cat /var/log/squid/access.log | grep proxy.pac

April 18 FW20411 16:25:54 squid [6227]: 1334787954.272 6 192.168.1.203 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:25:54 squid [6227]: 1334787954.304 0 192.168.1.203 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:26:06 squid [6227]: 1334787966.981 1 192.168.1.191 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:26:07 squid [6227]: 1334787967.036 0 192.168.1.191 TCP_DENIED/403
In the real-time logs this appears as denied; what may be happening?

Thank you for your attention.

Endian version 2.5.1 community
(0007849)
mario79   
2012-04-30 15:37   
Finally, the problem with the lock on updates for antivirus, google earth and proxy.pac is solved.

Please look at the image file "resolution": when I had the problem of blocking / denial, I had activated the option "user agent". This generated the lock / denial of antivirus updates, and it also appeared as the blockade of proxy.pac and the blocking / denial on google earth.

To solve it, a new rule was created without enabling the option "user agent".

I hope I have explained this well and was able to contribute a little to the community.

The next problem, which I hope will be another issue, is the slowness of navigation with Endian 2.5.1: when the proxy is enabled, navigation is extremely slow.

Thank you for your attention.
(0007850)
mario79   
2012-04-30 15:39   
Note: with the "useragent" option disabled, it is also resolved in Endian version 2.4.1.

Thank you.
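
A triage aid for access-log excerpts like the ones in this report, added here as an example and not part of the original thread or of Endian's tooling: it groups `TCP_DENIED` entries by client and destination host, so denials spread across unrelated sites (as happened with the "user agent" option) stand out from a single blocked site. The function names are hypothetical, and the parser assumes the first log layout shown in the report (client, result/status, bytes, method, URL).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# First four lines are from the report (link markers stripped);
# the last line is constructed to show an allowed request.
SAMPLE = """\
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.110 TCP_DENIED/403 2710 GET http://evsecure-crl.verisign.com/EVSecure2006.crl - NONE/- text/html
192.168.11.132 TCP_DENIED/403 2652 GET http://wpad/wpad.dat - NONE/- text/html
192.168.11.7 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
"""

LINE = re.compile(
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<result>TCP_\w+)/(?P<status>\d{3})\s+"
    r"(?P<size>\d+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

def denied_by_client(log_text):
    """Map each client IP to the set of destination hosts Squid denied."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)  # search() tolerates a leading elapsed-time column
        if not m or m["result"] != "TCP_DENIED":
            continue
        host = urlsplit(m["url"]).hostname or m["url"]
        denied[m["client"]].add(host.lower())
    return dict(denied)

def whitelist_candidates(denied):
    """Sorted, de-duplicated hosts to review before any whitelisting."""
    return sorted({h for hosts in denied.values() for h in hosts})

def denied_share(log_text):
    """Fraction of parsed requests that were denied; a share near 1.0 across
    unrelated sites points at a policy-wide rule rather than one blocked site."""
    results = [m["result"] for m in map(LINE.search, log_text.splitlines()) if m]
    return results.count("TCP_DENIED") / len(results) if results else 0.0

if __name__ == "__main__":
    per_client = denied_by_client(SAMPLE)
    for client, hosts in sorted(per_client.items()):
        print(client, sorted(hosts))
    print("review:", whitelist_candidates(per_client))
    print("denied share: %.2f" % denied_share(SAMPLE))
```

Lines in the syslog-prefixed layout from the later note, where the method precedes the result code, are skipped by this pattern rather than misparsed.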