Untangle Failed the Spycar.org Test
We setup a test box with Untangle on it, when I tried the Spycar.org IE test (http://spycar.org/), Untangle failed to block them and allowed all the changes to be made. When I run the same test with a workstation behind Fortigate I get this message:
High security alert!!!
You are not permitted to download the file "IE-SetHomePage.exe" because it is infected with the virus "Misc/Spycar".
URL = http://spycar.org/Spycar_files/IE-SetHomePage.exe
http://www.fortinet.com/ve?vn=Misc%2FSpycar
Are you using our virus blocker? I just ran the test, and the virus blocker blocked them.
to be understood, you must first understand. :)
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com
When I look at the Virus Scan Event Log I see the following:
(HTTP) http://www.spycar.org/Spycar_files/I...dvancedTab.exe - no virus found
(HTTP) http://www.spycar.org/Spycar_files/IE-HomePageLock.exe - no virus found
It goes through the list of all the Spycar files with "no virus found". I am using the default Untangle Virus Blocker, not the Kaspersky Virus Blocker.
Do I need to change my settings, or do something to download the Default Virus Blocker updates?
I downloaded the 30-day trial of Kaspersky and got the same thing. It is blocking the EICAR Test Virus (www.eicar.org).
I also get them blocked.
Try disabling "Virus Blocker" and just leaving on "Kaspersky Virus Blocker"
is eicar blocked then?
Are you behind a proxy or anything that would prevent updates?
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
I tested it with both this time. If I have Kaspersky on it seems to work fine, blocks both Spycar and EICAR. My previous test with Kaspersky may have been to quickly after I enabled it, it may have been downloading updates or something.
If I turn off Kaspersky the default Virus Blocker blocks EICAR but not Spycar. Is there a way to update the default to block Spycar as well, or are we required to purchase Kaspersky to get the full virus blocking?
I can confirm that ClamAV does *not* detect it, however Kaspersky *does* detect it.
No, Virus Blocker is fully functional antivirus based on ClamAV, which just does not block this specific test virus.Originally Posted by JGrubbs
No antivirus software is 100% effective - thats why we have two - because its better than one!
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
I sent an email to ClamAV to alert them that they are not blocking this paticular test.
I just tried it today from behind a clients Untangle box....Virus Blocker stopped the site....and the logs showed it.
Didn't block the https Eicar tests though..just the http ones.
Posting Permissions
LinkBack URL
About LinkBacks