  1. #1
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    295

    Virus Blocker Lite causing issues with card processing....

    Build 9.4.2

    OK...it's not really credit card processing. We use a unique gift card processing system that goes from Point of Sales clients in our network out to the internet to confirm and alter values on that account.

    We've been battling random latency on ONLY that functionality at our facility. Credit cards and everything else to the same server is happy and all ping and trace routes appear to be happy...so happy connection.

    After turning off modules one by one I determined that Virus Blocker Lite is what is causing the intermittent issue (about 30% of process attempts have latency in the 45 second range).

    The POS call out to the server via this URL: http://ecommerce.xxxxxxx.com/wp.dll?...ch:process.ips

    The linked screenshot of the WEB EVENT LOG shows mention and the URLs to the server but I have no idea why there are several "unknown" in the VIRUS NAME field.

    SEE: http://www.screencast.com/t/OtB4WwG6a

    I placed a FIREWALL rule to pass all traffic TO and FROM the server IP but still see the random latency issue.

    1. Any idea why this may be happening?
    2. What does the WEB EVENT LOG tell me about the web scans of the https request?
    3. How could I correct this issue so I can continue to use Virus Blocker Lite?
    4. What other info can I provide to help answer any questions?

    Thanks.
    Shawn

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,025

    Have you considered simply bypassing traffic destined for your online commerce system?

    Virus scans take what they take, and your system could be under load at that moment and causing the catch. Or, the POS system could be using some not quite RFC compliant way of talking with their systems. Either way in my experience it's best to bypass CC authorization traffic entirely.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    295

    Thanks for your input. That does make sense!

    So I would assume I simply make a FIREWALL rule that is a PASS to the DESTINATION ADDRESS and SOURCE ADDRESS for IP address xxx.xxx.xxx.xxx?

    I've not setup limiting Firewall rules that Block or Pass. I would assume such action allows those packets/requests to be skipped by all modules?

    Thanks.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,025

    Bypass rules aren't firewall rules; the reason your firewall rule to pass things didn't do much is because the firewall is already passing everything.

    Bypass rules identify traffic to be pulled out of normal Untangle processing, so this traffic is only considered by the Linux kernel. It's a performance measure, but it also prevents Untangle from blowing away the packets and rebuilding them. Anytime you're dealing with a device that has heavy amounts of its own security (CC machines are huge for this, as are Postage Meters) Untangle's scanning can make things go very wrong. That's why we have bypass rules, so we can tell Untangle to leave well enough alone.

    If you've got issues after the bypass, either the bypass rule is wrong, or something is wrong with the device. Untangle is little more than a Linksys router once the traffic is bypassed.

    config -> network -> bypass

  5. #5
    Master Untangler carboncow's Avatar
    Join Date
    Aug 2011
    Location
    Central Ohio
    Posts
    295

    Thanks for that info. I was unaware of this advanced feature and found info on it in the help area. Seems pretty straightforward!
    Last edited by carboncow; 11-29-2014 at 05:08 PM.
