Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Newbie
    Join Date
    Dec 2012
    Posts
    1

    Default Virus Blocker Lite blocking new Microsoft Office installs

    When you try to install Office you get an error message that the install fails and signature verification can not be completed.

    When looking in untangle you see that virus blocker lite has new hits:

    virus_blocker_lite_name
    Win.Adware.Browsefox-12535(0122bab0a42f8dcb58553c1844478dd0:18299931)


    Disabling virus blocker lite allows for the install to complete.

  2. #2
    Newbie
    Join Date
    Feb 2016
    Posts
    1

    Default Solution to your problem

    Disabling Virus Blocker is not the recommended solution.
    Keep in mind Virus Blocker also blocks any updates for Office 2016 which means you would have to disable your Virus Blocker on a regular basis this will put your environment in risk for actual threats. Just simply add this URL *officecdn.microsoft.com in Pass Sites under Virus Blocker Lite and no more problems installing or updating Office 2016 in your environment.

  3. #3
    Newbie
    Join Date
    Feb 2016
    Posts
    2

    Default

    Getting thousands of Alert messages for what we believe is a legitimate Microsoft Office update. Hesitant to add to the passlist since it could be infected. Any ideas?

    An following event occurred on the Untangle Server @ 2016-02-12 04:29:17.606

    HTTP virus blocked:
    Virus Blocker Lite found virus [Win.Trojan.Bancos-2115(4e91082206f322625de0c78af83317b2:649531)] http://officecdn.microsoft.com/pr/49...68/i321033.cab

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,029

    Default

    It's a known issue with Clam (Virus Blocker Lite). Until Clam revises their ruleset to handle this false positive, I would add the Microsoft sites to the pass list.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Feb 2016
    Posts
    2

    Default

    thanks

  6. #6
    Untanglit
    Join Date
    Nov 2015
    Posts
    23

    Default

    Same here, I received over 5000 email notifications today because it says that Microsoft Office update is a virus.

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,029

    Default

    Obviously everyone will get the same false positive.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Newbie
    Join Date
    Sep 2012
    Posts
    8

    Default

    So, we added the exception as soon as we started getting the alerts. That was on 2-15-16. I'm still getting alerts with a time stamp for that date (below). We got 1000 this weekend from two specific boxes. The alerts are only from that morning we started getting alerts. Is there a way to clear this out? We've rebooted them, disabled and re-enabled virus blocker, but no change.

    An following event occurred on the Untangle Server @ 2016-02-15 07:36:20.211
    HTTP virus blocked:
    Virus Blocker Lite found virus [Win.Trojan.Bancos-2115(4e91082206f322625de0c78af83317b2:649531)] http://officecdn.microsoft.com/pr/49...e/Data/v32.cab

    {"timeStamp":"2016-02-15 07:36:20.211","clean":false,"requestId":95202791221737,"tag":"uvm[0]: ","nodeName":"virus_blocker_lite","class":"class com.untangle.node.virus.VirusHttpEvent","virusName":"Win.Trojan.Bancos-2115(4e91082206f322625de0c78af83317b2:649531)","partitionTablePostfix":"_2016_02_15"}

    This is an automated message sent because the event matched the configured Alert Rules.

  9. #9
    Newbie
    Join Date
    Sep 2012
    Posts
    8

    Default

    We went in and changed the reporting retention time to one day to try to stop it and it seemed to fix the problem on one, but we still have one sending a couple hundred alerts a day from 2-15-16. Any ideas how to get rid of the old messages?

  10. #10
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,546

    Default

    I ended up pulling VB Lite from all our Untangle installs (about 40 of 'em). I know Clam isn't the best of antivirus programs...quite on the opposite end of the spectrum. But it's simply blocking way too much with these false positives. It's not just a handful that we can go add into the pass list...we'd have to go hire additional full time staff to go around and add all of the addresses to the white list, and maintain it each day with new entries. Those that support businesses (which Untangle aims for as their target client)....have to support Office 365, which is on the rise to dominate e-mail for businesses. ClamAV is blocking the authentication for O365 too. We're getting slammed with calls lately for O365 issues...and I see the block alerts in AV-Lite...so I just pull it now from the rack. Problems go away.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2