Yamipod

[fslomka]

I don´t know why but the Untangle Virus Blocker blocks Yamipod
Yamipod is something like Sharepod

http://www.yamipod.com/
http://www.getsharepod.com/

[ag100]

CalmAV may have a false detection for this one.. I'll submit this to the folks over there, for review.

ClamAV 0.94.1 2009.04.29 Trojan.Dropper-12634


I think what surprises me a bit more, is UT's response to downloading this.. I'm doing the 14 day trial of Kaspersky (and turned it off for this test), so this was just with UT's free virus blocker.

I downloaded the Yam-Win.zip file 3 times, during which, I never received a message stating that the file was blocked (as I typically would) until I viewed the event log, but in the end, had 3 files, all with different sizes, all ~400K less than what the zip file was supposed to be.

Does anyone know if that's normal behavior, when downloading larger files? (I'm still relatively new to UT).

Thanks,

-ag100

[fslomka]

Is there any solution???

[dmorris]

Quote:

Originally Posted by ag100

CalmAV may have a false detection for this one.. I'll submit this to the folks over there, for review.

ClamAV 0.94.1 2009.04.29 Trojan.Dropper-12634


I think what surprises me a bit more, is UT's response to downloading this.. I'm doing the 14 day trial of Kaspersky (and turned it off for this test), so this was just with UT's free virus blocker.

I downloaded the Yam-Win.zip file 3 times, during which, I never received a message stating that the file was blocked (as I typically would) until I viewed the event log, but in the end, had 3 files, all with different sizes, all ~400K less than what the zip file was supposed to be.

Does anyone know if that's normal behavior, when downloading larger files? (I'm still relatively new to UT).

Thanks,

-ag100

if its small it just buffers the whole file and scans it and then displays the block page.
if its large it trickles the file at a slower rate than the real download (called trickle rate). at some point the file is done on untangle and scanned and then if clean it delivers the rest of the file to the client (otherwise it doesnt)

[ag100]

Thanks dmorris... I'm wondering if there's a better way that would allow all or nothing to be delivered to the desktop, depending on the result of the scan. I can see it getting confusing for users to trying to execute partially delivered packages, etc.. I'll submit an RFE (if one alreadly isn't in), and see if anyone else finds that valuable.

fslomka - As of this morning, clamav still detects this as a trojan. Until they're able to reanalyze the sample and remove the detection (if appropriate), you won't be able to download this, without disabling a/v blocker.

[dmorris]

Quote:

Originally Posted by ag100

Thanks dmorris... I'm wondering if there's a better way that would allow all or nothing to be delivered to the desktop, depending on the result of the scan. I can see it getting confusing for users to trying to execute partially delivered packages, etc.. I'll submit an RFE (if one alreadly isn't in), and see if anyone else finds that valuable.

for large files we can't deliver nothing as the client will time-out. if you want to change this you can change the trickle rate down to 1% which will make the download appear extremely slow but once you reach 1% you'll get the remaining 99% instantly.

[ag100]

Thanks... I was thinking of something that would download the file to the Untangle box, scan it, then allow the desktop to pull it, but slowing the trickle down rate should do the trick, as well.

Also - Any idea if you can change the default behavior of the AV engine, to scan files and log events, without blocking? I know I'm in the minority, but that'd be very useful for me, at times.

Thanks again,

-ag100