
0004227: block update antivirus - MantisBT Endian Bugtracker
Endian Issue Tracker













ID: 0004227
Project: Endian Firewall
Category: Proxy HTTP
View Status: public
Date Submitted: 2011-12-21 21:06
Last Update: 2012-04-30 15:39
Reporter: mario79
Assigned To: lorenzo-endian
Priority: normal
Severity: block
Reproducibility: always
Status: feedback
Resolution: reopened
Product Version: 2.4.1
Summary: 0004227: block update antivirus
Description:
Good day to all.

Sorry for my English, I use translator tools. I have a problem with antivirus updates. I already checked the rules and they are fine.

It is not happening.

When I disable the proxy, everything goes well. Thanks for the attention.
Additional Information:
192.168.11.2 TCP_DENIED/403 2672 POST http://check.sanasecurity.com/ - NONE/- text/html
192.168.11.8 TCP_DENIED/403 2672 GET http://192.168.11.200/wpad.dat - NONE/- text/html
192.168.11.132 TCP_DENIED/403 2652 GET http://wpad/wpad.dat - NONE/- text/html
192.168.11.110 TCP_DENIED/403 2710 GET http://evsecure-crl.verisign.com/EVSecure2006.crl - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infoavi.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infoavi.ctf - NONE/- text/html
Tags: No tags attached.
Attached Files:
proxy.png (186,429 bytes) 2012-04-18 23:17
log.png (142,284 bytes) 2012-04-18 23:18
contenfilter.png (178,736 bytes) 2012-04-18 23:19
resolucion.jpg (181,314 bytes) 2012-04-30 15:31

-  Notes
(0007614)
lorenzo-endian (manager)
2012-01-10 10:30

===
Note: feedback requested in Italian for improving the bug report. Lo
===

Good morning mario79,

from your name I presume you are Italian :)

could you please explain to me in more detail what the problem is and how it shows up?

Thank you very much in advance!

Lo
(0007617)
mario79 (reporter)
2012-01-10 14:15

Good day Lo.

Sure, I have an Endian firewall 2.4.1; when I update the antivirus (Kaspersky, AVG, NOD, Panda Antivirus), the requests appear as denied in the Endian proxy logs, and there is no rule that blocks those public addresses.

But if I apply a bypass for the IPs that need to update, they start downloading the update signatures without problems, but this way I cannot filter URLs.

I hope I have explained myself, and thanks in advance for the assistance.

mario79.
(0007783)
christian-endian (administrator)
2012-04-02 10:27

You can whitelist these sites under Proxy->HTTP->Contentfilter.

For help please have a look here:
http://www.endian.com/us/community/get-help/
(0007789)
mario79 (reporter)
2012-04-02 19:39

25 192.168.1.50 TCP_DENIED/403 2950 GET http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT%2Bk%3D - NONE/- text/html
Web prox..
2012-04-02 13:29:56
6 192.168.1.50 TCP_DENIED/403 2744 GET http://cs-g2-crl.thawte.com/ThawteCSG2.crl - NONE/- text/html
Web prox..
2012-04-02 13:29:59
23 192.168.1.50 TCP_DENIED/403 2738 POST http://tools.google.com/service/update2 - NONE/- text/html
Web prox..
2012-04-02 13:29:59
8 192.168.1.50 TCP_DENIED/403 3432 POST http://tools.google.com/service/update2?w=6:cSftlZH7HOeknePklTsX2ChKDGLcVRHgTHObKuzNSeuiuk2TfInTkgXY5cKNmU8ZFuu1ebMQZXr-xvuxia-Y50zaoKLilSYiVUfw8llBO5pGR7iAyLnEOK2sK7YQxmztL6rq7I2xA-gUx6opJNRDvbWCajje1wyNaqtornwUkTr_cJ4NTt5zRk3fItfIS7rHQ7WsHl5AJtuzYh6ZE7eWLj9ULLPkRxKtUnUb5JoSmlz7vqX0LKVYBi1JJrTH9p2Xu0y-wUo2Ae22Lw1d12A_k0nUAlIwN7SBwhX5djAQf2hoJ-DOfGlxcRVOaeBshjL1E6j71Jzw1Mtmgxg8XDiscQ - NONE/- text/html
Web prox..
2012-04-02 13:30:03
65 192.168.1.50 TCP_DENIED/403 381 HEAD http://cache.pack.google.com/edgedl/chrome/install/1025.142/chrome_installer.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:03
5 192.168.1.50 TCP_DENIED/403 2820 GET http://cache.pack.google.com/edgedl/chrome/install/1025.142/chrome_installer.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:09
5 192.168.1.50 TCP_DENIED/403 381 HEAD http://cache.pack.google.com/edgedl/earth/client/GE6/release_6_2_1/GoogleEarth-Win-Bundle-6.2.1.6014.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:09
35 192.168.1.50 TCP_DENIED/403 2868 GET http://cache.pack.google.com/edgedl/earth/client/GE6/release_6_2_1/GoogleEarth-Win-Bundle-6.2.1.6014.exe - NONE/- text/html
Web prox..
2012-04-02 13:30:15
5 192.168.1.50 TCP_DENIED/403 2738 POST http://tools.google.com/service/update2 - NONE/- text/html



I get this on the online monitor, and it does not let anything download, and I added those addresses as blacklisted, similar to the antivirus update error; I really do not know how to solve this dilemma.

I already have version 2.5.1, and the Dashboard also does not show the online activity, such as kbps consumption for each network card and other things.

Thanks in advance.
(0007833)
mario79 (reporter)
2012-04-18 23:19

I am trying to solve the problem of denial of antivirus update pages, as well as Google Earth, among others. As you know, the proxy is in transparent mode, whitelist addresses of the update servers of antivirus, Google, etc., but I saw this on review and do not know if it is correct:

nano /etc/squid/squid.conf
http_proxy 0.0.0.0:3128
http_proxy 127.0.0.1:8080

Is this correct??

And I used this command, which gives me the following results:

cat /var/log/squid/access.log | grep proxy.pac

April 18 FW20411 16:25:54 squid[6227]: 1334787954.272 6 192.168.1.203 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:25:54 squid[6227]: 1334787954.304 0 192.168.1.203 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:26:06 squid[6227]: 1334787966.981 1 192.168.1.191 GET http://192.168.1.1/proxy.pac TCP_DENIED/403 2660 - NONE/- text/html
April 18 FW20411 16:26:07 squid[6227]: 1334787967.036 0 192.168.1.191 TCP_DENIED/403
In the real-time logs this appears as denied; what may be happening?

Thank you for your attention.

Endian version 2.5.1 community
(0007849)
mario79 (reporter)
2012-04-30 15:37

Finally, the problem with the blocking of updates for antivirus, Google Earth and proxy.pac is solved.

Please look at the image file "resolution": when I had the problem of blocking/denial, I had activated the option "user agent", and this generated the blocking/denial of antivirus updates, and it also appeared as the blocking of proxy.pac and the blocking/denial of Google Earth.

To solve it, a new rule was created without enabling the option "user agent".

I hope I have explained this well and have been able to contribute a little to the community.

The next problem, which I hope will be another issue, is the slowness of navigation with Endian 2.5.1: when the proxy is enabled, the navigation is extremely slow.

Thank you for your attention.
(0007850)
mario79 (reporter)
2012-04-30 15:39

Note: with the option "useragent" disabled, it is also resolved in Endian version 2.4.1.

Thank you.
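
An added example, not part of the original issue or of Endian's code: a small Python parser for the access-log format pasted in the report's "Additional Information" field. It lists which destinations the proxy itself refused per client (TCP_DENIED with hierarchy NONE/-, meaning no upstream server was contacted) and ignores a 403 returned by an origin server. Denials that span unrelated destinations are consistent with a rule matching a request attribute, such as the "user agent" option the reporter found, rather than a URL list. The last two sample lines and all function names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# First six lines are from the report (tracker "[^]" markers removed);
# the last two are constructed to show what must NOT be counted.
SAMPLE_LOG = """\
192.168.11.2 TCP_DENIED/403 2672 POST http://check.sanasecurity.com/ - NONE/- text/html
192.168.11.8 TCP_DENIED/403 2672 GET http://192.168.11.200/wpad.dat - NONE/- text/html
192.168.11.110 TCP_DENIED/403 2710 GET http://evsecure-crl.verisign.com/EVSecure2006.crl - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2716 GET http://backup.avg.cz/softw/90/update/avg9infowin.ctf - NONE/- text/html
192.168.11.9 TCP_DENIED/403 2718 GET http://update.avg.com/softw/90/update/avg9infoavi.ctf - NONE/- text/html
192.168.11.10 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.10 text/html
192.168.11.10 TCP_MISS/403 512 GET http://example.org/private - DIRECT/192.0.2.10 text/html
"""

# client result/status bytes method url ident hierarchy/peer content-type
LINE_RE = re.compile(
    r"^(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+\S+\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)"
)

def local_denials(text):
    """Map client IP -> sorted hosts refused by the proxy's own policy."""
    hosts = defaultdict(set)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or truncated lines
        # TCP_DENIED + NONE: the proxy answered 403 itself, nothing was fetched.
        if m["result"] == "TCP_DENIED" and m["hier"] == "NONE":
            hosts[m["client"]].add(urlsplit(m["url"]).hostname)
    return {client: sorted(h) for client, h in hosts.items()}

def denied_hosts(text):
    """All distinct destinations refused locally, across every client."""
    return sorted({h for hs in local_denials(text).values() for h in hs})

if __name__ == "__main__":
    for client, hosts in sorted(local_denials(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(hosts))
```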

- Issue History
Date Modified Username Field Change
2011-12-21 21:06 mario79 New Issue
2012-01-10 10:30 lorenzo-endian Note Added: 0007614
2012-01-10 10:30 lorenzo-endian Assigned To => lorenzo-endian
2012-01-10 10:30 lorenzo-endian Status new => feedback
2012-01-10 14:15 mario79 Note Added: 0007617
2012-04-02 10:27 christian-endian Note Added: 0007783
2012-04-02 10:27 christian-endian Status feedback => closed
2012-04-02 10:27 christian-endian Resolution open => fixed
2012-04-02 19:39 mario79 Note Added: 0007789
2012-04-02 19:39 mario79 Status closed => feedback
2012-04-02 19:39 mario79 Resolution fixed => reopened
2012-04-18 23:17 mario79 File Added: proxy.png
2012-04-18 23:18 mario79 File Added: log.png
2012-04-18 23:19 mario79 File Added: contenfilter.png
2012-04-18 23:19 mario79 Note Added: 0007833
2012-04-30 15:31 mario79 File Added: resolucion.jpg
2012-04-30 15:37 mario79 Note Added: 0007849
2012-04-30 15:39 mario79 Note Added: 0007850
