  1. #1
    Fox
    Untangler
    Join Date
    Jun 2008
    Location
    Russia, Moscow
    Posts
    54

    ClamAV and Viruses

    As I found in this forum, it seems that the UT ClamAV installation does not catch all bad-ware. I have had the same from time to time, that a nasty Virus/Trojan slipped through. Very seldom, but at least once a month I have had that event until now. And then my ClamAV installation on my Vista did find it and eliminate it!!!
    1. Therefore I would like to recommend adding to that rack (or better alpaca) a force database(s) update possibility. With a control info showing if the update was properly installed and which current versions per database are presently installed, without needing to seek it in reports, but at once at a glance. Maybe again some work for Silver Bullet for later? It looks like, and might be, that for whatever reasons ClamAV is not always up to date. I often find ClamAV fragments in tmp and they stay there for sometimes one day before they are no longer listed there.
    2. And also to inform in general which IPs/ports UT needs to have open by all means to update its databases properly; many have, like me, an extra router with firewall (no way to avoid that for me) before the UT box, and then accidentally something could be blocked that must not be blocked. Thank you.
    Anyway still nothing comes near to UT's ability to secure networks. Thx for that.
    Any Worst-Case Scenario resolved is better as getting only Best-Case scenarios working.... :cool:

  2. #2
    Master Untangler
    Join Date
    Apr 2008
    Posts
    346


    Originally Posted by Fox:
    And also to inform in general which IPs/ports UT needs to have open by all means to update its databases properly; many have, like me, an extra router with firewall (no way to avoid that for me) before the UT box, and then accidentally something could be blocked that must not be blocked.
    Sure there is. It's called a switch

  3. #3
    Fox
    Untangler
    Join Date
    Jun 2008
    Location
    Russia, Moscow
    Posts
    54


    A switch I have after the UT, I mean a hardware firewall NAT router before the UT. Pls read my post again.

  4. #4
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,554


    It should pull down the definitions....so whatever is in front of it, traditional NAT router, will not prevent updates. Nor will opening/forwarding ports help.

    Just like your antivirus software on the PC, you don't need to open/forward ports on your router for your local workstation antivirus to update. It pulls down.

    You may want to run a better product on your workstations for AV. If you still need "free"...how about AntiVir..it's up amongst the top dogs in detection rates, and it's very light.

  5. #5
    Fox
    Untangler
    Join Date
    Jun 2008
    Location
    Russia, Moscow
    Posts
    54


    It's a firewall router that is there to secure that some IPs' packages do not reach the internal network or leave it, and secures that some ports are not open; it's needed here. It's a double security. UT secures a dedicated part of the network but not all of the network. That's why I really need to know which ports and IPs are absolutely necessary for UT to be passing through, and not blocking UT's needs for updates. Not all is so easy as you might hope. UT is great, only here double security is needed for given reasons, and what is so difficult about getting that IP/port info to keep UT working at its best?
    And when my Windows ClamAV detects a virus and UT ClamAV does not, then UT needs to be improved to do its work better, or? That should be in anyone's interest, I guess.
    Last edited by Fox; 08-23-2008 at 06:25 AM.

  6. #6
    Master Untangler
    Join Date
    Apr 2008
    Posts
    346


    Originally Posted by Fox:
    It's a firewall router that is there to secure that some IPs' packages do not reach the internal network or leave it, and secures that some ports are not open; it's needed here. It's a double security. UT secures a dedicated part of the network but not all of the network. That's why I really need to know which ports and IPs are absolutely necessary for UT to be passing through, and not blocking UT's needs for updates. Not all is so easy as you might hope. UT is great, only here double security is needed for given reasons, and what is so difficult about getting that IP/port info to keep UT working at its best?
    And when my Windows ClamAV detects a virus and UT ClamAV does not, then UT needs to be improved to do its work better, or? That should be in anyone's interest, I guess.
    Go do a google search for what ports you need opened for yourself (programs), then go to UT Firewall Settings, under the General Tab, click the Default action to BLOCK and then create your rules to only open those ports to the outside. (Unless you already know these, then you are on your way)

    And, NAT firewall does nothing to prevent a virus from getting in or out from your system, through your email.

    You should find, once you get your hands wet, (utilizing the proper settings with the UT firewall) a better one- opposed to the one found in a Router just providing NAT.

    Which, according to your post, you have not set up adequately to what you really need.

  7. #7
    Fox
    Untangler
    Join Date
    Jun 2008
    Location
    Russia, Moscow
    Posts
    54


    Originally Posted by bratsadtar:
    Go do a google search for what ports you need opened for yourself (programs), then go to UT Firewall Settings, under the General Tab, click the Default action to BLOCK and then create your rules to only open those ports to the outside. (Unless you already know these, then you are on your way)

    And, NAT firewall does nothing to prevent a virus from getting in or out from your system, through your email.

    You should find, once you get your hands wet, (utilizing the proper settings with the UT firewall) a better one- opposed to the one found in a Router just providing NAT.

    Which, according to your post, you have not set up adequately to what you really need.
    Sir, you missed the point. I am talking about UT, and not about my HARDWARE firewall, blocking viruses. Read my other posts and you see I have BLOCK set and my base rule in UT firewall is block all, and then I open IP, protocol, and port for any dedicated needs. I was on my way before you started to read my posting.
    And UT has to block viruses via email or??? What sense if I need to have the same ClamAV then eliminating viruses UT ClamAV was letting through?
    I simply asked to inform which ports, protocols, and IPs (or URLs) UT needs to be allowed in any hardware firewall sitting before UT. Nothing else. What is the problem to get that??? I have set all adequately, only your answer I cannot count as adequate. Hope that somebody else will answer my questions properly.
    Sure, I can go the hard way and set another UT before the UT, block all, and then investigate point by point what UT needs, it will take some time, but for what wasting that time, if UT developers can answer that, and so simply help to have UT working as needed, for anybody in similar network structures.

  8. #8
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,554


    What make/model router is in front of your UT box? Is this router blocking certain outbound traffic?
    Is your UT box running as a router, or in bridged mode?

    If you want even stronger protection....add the Kaspersky module to UT.

  9. #9
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747


    it fetches virus signatures over the web. so it needs working dns and http.

    you can force an update just like any normal clam installation
    you can configure clam to update every 5 minutes, but I doubt that will change your results...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
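
Added example, not part of the thread and not Untangle's code: a status check for a stock ClamAV install that lists the mirror hostnames freshclam is configured to use (the names an upstream firewall must allow DNS and HTTP to), tests them, and reads each database's version straight from its file header. The script name and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; the paths passed in are assumptions, adjust to the box.

# Hostnames freshclam is configured to fetch from: these are the names the
# upstream firewall must let the box resolve (DNS) and reach (HTTP).
clam_mirrors() {  # $1 = freshclam.conf
    awk '$1 == "DatabaseMirror" { print $2 }' "$1"
}

# Field N of the colon-separated 512-byte header at the start of a .cvd/.cld:
# magic:build time:version:signatures:f-level:md5:dsig:builder:stime
cvd_field() {  # $1 = database file, $2 = field number
    head -c 512 "$1" | tr -d '\000' | cut -d: -f"$2" | head -n 1
}

# One line per database; non-zero if the file is missing or not a database.
cvd_summary() {  # $1 = database file
    [ -r "$1" ] || { echo "$1: missing"; return 1; }
    [ "$(cvd_field "$1" 1)" = "ClamAV-VDB" ] || { echo "$1: bad header"; return 1; }
    printf '%s version=%s sigs=%s built=%s\n' "$(basename "$1")" \
        "$(cvd_field "$1" 3)" "$(cvd_field "$1" 4)" "$(cvd_field "$1" 2)"
}

# Does the name resolve, and does the host answer an HTTP request?
mirror_reachable() {  # $1 = hostname
    getent hosts "$1" >/dev/null || { echo "$1: DNS failed"; return 1; }
    curl -s -o /dev/null --max-time 10 -I "http://$1/" \
        || { echo "$1: HTTP failed"; return 1; }
    echo "$1: ok"
}

clam_status() {  # $1 = freshclam.conf, $2 = database directory
    for m in $(clam_mirrors "$1"); do mirror_reachable "$m" || true; done
    for db in "$2"/*.cvd "$2"/*.cld; do
        if [ -e "$db" ]; then cvd_summary "$db" || true; fi
    done
}

# e.g. sh clam-status.sh --run /etc/clamav/freshclam.conf /var/lib/clamav
if [ "${1:-}" = "--run" ]; then clam_status "$2" "$3"; fi
```

Running `freshclam` by hand performs the forced update itself; the summary lines before and after show whether the database version actually moved.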
