Page 1 of 3 123 LastLast
Results 1 to 10 of 21
  1. #1
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    Exclamation Untangle Failed the Spycar.org Test

    We setup a test box with Untangle on it, when I tried the Spycar.org IE test (http://spycar.org/), Untangle failed to block them and allowed all the changes to be made. When I run the same test with a workstation behind Fortigate I get this message:

    High security alert!!!
    You are not permitted to download the file "IE-SetHomePage.exe" because it is infected with the virus "Misc/Spycar".

    URL = http://spycar.org/Spycar_files/IE-SetHomePage.exe

    http://www.fortinet.com/ve?vn=Misc%2FSpycar

  2. #2
    Untangle Ninja gotkimchi's Avatar
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,106

    Default

    Are you using our virus blocker? I just ran the test, and the virus blocker blocked them.
    to be understood, you must first understand. :)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    Default

    When I look at the Virus Scan Event Log I see the following:

    (HTTP) http://www.spycar.org/Spycar_files/I...dvancedTab.exe - no virus found

    (HTTP) http://www.spycar.org/Spycar_files/IE-HomePageLock.exe - no virus found

    It goes through the list of all the Spycar files with "no virus found". I am using the default Untangle Virus Blocker, not the Kaspersky Virus Blocker.

    Do I need to change my settings, or do something to download the Default Virus Blocker updates?

  4. #4
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    Default

    I downloaded the 30-day trial of Kaspersky and got the same thing. It is blocking the EICAR Test Virus (www.eicar.org).

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    I also get them blocked.

    Try disabling "Virus Blocker" and just leaving on "Kaspersky Virus Blocker"
    is eicar blocked then?

    Are you behind a proxy or anything that would prevent updates?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    Default

    I tested it with both this time. If I have Kaspersky on it seems to work fine, blocks both Spycar and EICAR. My previous test with Kaspersky may have been to quickly after I enabled it, it may have been downloading updates or something.

    If I turn off Kaspersky the default Virus Blocker blocks EICAR but not Spycar. Is there a way to update the default to block Spycar as well, or are we required to purchase Kaspersky to get the full virus blocking?

  7. #7
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    342

    Default

    I can confirm that ClamAV does *not* detect it, however Kaspersky *does* detect it.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by JGrubbs View Post
    are we required to purchase Kaspersky to get the full virus blocking?
    No, Virus Blocker is fully functional antivirus based on ClamAV, which just does not block this specific test virus.

    No antivirus software is 100% effective - thats why we have two - because its better than one!
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    Default

    I sent an email to ClamAV to alert them that they are not blocking this paticular test.

  10. #10
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    I just tried it today from behind a clients Untangle box....Virus Blocker stopped the site....and the logs showed it.

    Didn't block the https Eicar tests though..just the http ones.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2