  1. #1
    Newbie
    Join Date
    Apr 2007
    Posts
    8

    Symantec Liveupdate

    Thanks for the great product you have here, I really enjoy it.

    I am having one problem right now though, and thought it might be worthy for consideration to change for the upcoming 5.0.

    We have several computers on our network that are running "Symantec Client Security".

    They are unable to run Liveupdate (update their virus definitions) when Untangle's "Virus Blocker" is running. It starts downloading the updates, but errors out when nearly completed.

    Looking over the logs, I get these messages:
    --------------

    192.168.1.128 Exploit.JS.CVE-2005-1790.A 80.231.19.78
    liveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 80.231.19.81
    liveupdate.symantecliveupdate.com 80

    192.168.1.138 Exploit.JS.CVE-2005-1790.A 80.231.19.78
    liveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 124.40.41.176
    liveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 124.40.41.176
    iveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 124.40.41.80
    liveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 63.211.153.11
    liveupdate.symantecliveupdate.com 80

    192.168.1.145 Exploit.JS.CVE-2005-1790.A 62.41.80.99
    liveupdate.symantecliveupdate.com 80

    -------------------

    Is there any way that you could allow an exception list by IP in the Antivirus settings? I don't know if this is even possible, but offering the suggestion.

    Liveupdate seems to use both http and ftp downloads.

    A quick Google search about the Exploit.JS.CVE-2005-1790.A shows that others are having the same problem with the "clam antivirus".

    Thank you,

    Russ
    Last edited by robreto; 07-15-2007 at 08:34 PM. Reason: Clarification

  2. #2
    Master Untangler richie
    Join Date
    Apr 2007
    Posts
    391


    You can try creating a custom policy that specifies: any source IP with destination IP (liveupdate.symantec.com's IP addresses) that uses destination port 80, 21 (HTTP, FTP) use "No Rack".
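
Added example, not part of either post: a Python sketch that collects the destination IPs a policy like the one in reply #2 would need, from block-log text in the wrapped two-line format shown in post #1. The function names are hypothetical, and the sample lines are copied from that post's log.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines copied from post #1; each event wraps over two lines:
#   <client ip> <signature> <server ip>
#   <server hostname> <port>
SAMPLE_LOG = """\
192.168.1.128 Exploit.JS.CVE-2005-1790.A 80.231.19.78
liveupdate.symantecliveupdate.com 80

192.168.1.145 Exploit.JS.CVE-2005-1790.A 80.231.19.81
liveupdate.symantecliveupdate.com 80

192.168.1.138 Exploit.JS.CVE-2005-1790.A 80.231.19.78
liveupdate.symantecliveupdate.com 80

192.168.1.145 Exploit.JS.CVE-2005-1790.A 124.40.41.176
liveupdate.symantecliveupdate.com 80
"""

EVENT = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")

def parse_events(text):
    """Yield (client, signature, server, host, port) from wrapped log text."""
    for block in re.split(r"\n\s*\n", text):
        m = EVENT.match(" ".join(block.split()))  # rejoin the wrapped record
        if not m:
            continue  # separator lines or malformed records
        client, sig, server, host, port = m.groups()
        try:
            yield (ipaddress.ip_address(client), sig,
                   ipaddress.ip_address(server), host, int(port))
        except ValueError:
            continue  # a field that should be an IP address is not one

def bypass_candidates(text, signature, host):
    """Distinct server IPs and affected clients for one signature/host pair."""
    found = defaultdict(set)
    for client, sig, server, h, _port in parse_events(text):
        if sig == signature and h == host:  # exact host match only
            found["servers"].add(server)
            found["clients"].add(client)
    return ([str(ip) for ip in sorted(found["servers"])],
            [str(ip) for ip in sorted(found["clients"])])
```

The log in post #1 already shows several server IPs behind one hostname, so a destination-IP list built this way has to be regenerated whenever new addresses appear in the block events.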
