Hello all,
Looking for a new UTM-system as a reseller, I stumbled upon Untangle. It's really easy to use and feature-rich, but it seems parts of it are not working right.
I performed a clean install with, amongst others, Virus Blocker Lite.
I enabled the web scan, but it was flagging all downloads as 'unknown' viruses (status clean, virus name 'unknown') and letting all files pass through. There was someone else with this problem here: https://forums.untangle.com/virus-bl...eats-past.html
I managed to resolve it myself, by performing these steps:
-Log in via SSH
-Go to /var/lib
-Rename folder 'clamav' (to clamav-old) (there are a lot of files in this folder at this moment)
-Reinstall Virus Lite package from web UI
-Create folder '/var/lib/clamav'
-CHMOD that folder to 777
-Run FRESHCLAM (there are much fewer files in the folder now)
-Reboot Untangle
After this, web scanning was working just fine and blocking viruses.
However, SMTP scanning is not working properly.
It is scanning all inbound mails, but in the report ('logfile') it marks all messages (with attachments) as 'clean', virus name column being empty. This last part is as expected, but it is marking eicar.com also as clean (whereas the web filter, using the same AV-engine, is catching it).
Having thought something probably went wrong on the initial install, I redownloaded and reinstalled Untangle, this time the x64 version (used the 32-bit before). But I ended up with exactly the same situation.
It seems to me that at first, ClamAV is unable to scan any file because of 'all the files' in its definitions-folder (/var/lib/clamav) and that can be resolved the way I described. But after that SMTP is still not working...
I'm also working with support on this issue, but since I keep getting these problems, more users must have them? Is there something wrong with the install file of Untangle?
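
The state of the signature directory that the steps above manipulate can be checked with a small shell function. This is an added example, not part of the original post or of Untangle's own tooling; the function name, messages and return codes are assumptions of this example. It flags a world-writable directory (the result of mode 777, which lets any local account replace or delete signatures) and counts `.cvd`/`.cld` signature databases against other files.

```shell
#!/bin/sh
# Added example: audit a ClamAV signature directory.
# audit_clamav_db, its messages and return codes are this example's own.
# Returns 0 = fine, 1 = finding(s), 2 = directory missing.

audit_clamav_db() {
    db_dir=${1:-/var/lib/clamav}
    status=0
    db_count=0
    other=0

    if [ ! -d "$db_dir" ]; then
        echo "MISSING: $db_dir does not exist"
        return 2
    fi

    # -prune keeps find on the directory itself; -perm -0002 matches
    # when the "other" write bit is set (e.g. after chmod 777).
    if [ -n "$(find "$db_dir" -prune -perm -0002)" ]; then
        echo "WEAK: $db_dir is world-writable"
        status=1
    fi

    # .cvd and .cld are ClamAV's signature database containers;
    # everything else is counted separately.
    for f in "$db_dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.cvd|*.cld) db_count=$((db_count + 1)) ;;
            *)           other=$((other + 1)) ;;
        esac
    done

    if [ "$db_count" -eq 0 ]; then
        echo "EMPTY: no .cvd/.cld signature databases in $db_dir"
        status=1
    else
        echo "OK: $db_count signature database(s) in $db_dir"
    fi
    echo "INFO: $other other file(s) in $db_dir"

    return "$status"
}

# Usage on the appliance: audit_clamav_db /var/lib/clamav
```

Running it before and after `freshclam` shows whether the directory actually holds loadable databases, independent of what the web or SMTP scanner reports.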