June 27, 2014 at 9:51 am #43975
Hello Fulvio & all,
I have discovered that with the usage of HAVP Proxy + ClamAV, that the anti-virus is incorrectly marking some sites as infected by the following:
11:31:57 192.168.0.155 GET 200 http://www.epson.co.uk/files/headfiles/2014-06/frameheadfiles_2014-06-16_type=js;hash=148241478039;mini=1;rtl=0;right=right;left=left;lc=en_106.js 321+781535 VIRUS ClamAV: HTML.Exploit.CVE_2014_0322
This had caused a few problems.
1. I can access Epson support, but no download links will function.
2. It is impossible to access the FTP server directly.
3. The above is always true even with HAVP + Clamav disabled.
4. Clamav is outdated (which may be causing this behaviour: http://stackoverflow.com/questions/24436332/virus-warning-for-the-latest-phpmyadmin-html-exploit-cve-2014-0322), and I have no way to upgrade:
23:39:02 Received signal: wake up
23:39:02 ClamAV update process started at Wed Jun 25 23:39:02 2014
23:39:02 Your ClamAV installation is OUTDATED!
23:39:02 Local version: 0.97.8 Recommended version: 0.98.4
23:39:02 DON’T PANIC! Read http://www.clamav.net/support/faq
23:39:02 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
23:39:33 nonblock_connect: connect timing out (30 secs)
23:39:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 126.96.36.199)
23:39:33 getfile: daily-19131.cdiff not found on remote server (IP: 188.8.131.52)
23:39:33 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
23:40:03 nonblock_connect: connect timing out (30 secs)
23:40:03 Can’t connect to port 80 of host db.ES.clamav.net (IP: 184.108.40.206)
23:40:03 Trying host db.ES.clamav.net (220.127.116.11)…
23:40:03 getfile: daily-19131.cdiff not found on remote server (IP: 18.104.22.168)
23:40:03 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
23:40:33 nonblock_connect: connect timing out (30 secs)
23:40:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 22.214.171.124)
23:40:33 Trying host db.ES.clamav.net (126.96.36.199)…
23:40:34 Downloading daily-19131.cdiff [100%]
23:40:41 daily.cld updated (version: 19131, sigs: 1054262, f-level: 63, builder: neo)
23:40:41 bytecode.cld is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
23:40:51 Database updated (3478533 signatures) from db.ES.clamav.net (IP: 188.8.131.52)
5. A seeming inability to unblock the ip/website in question, I am now permanently unable to access Epson downloads – even with the whitelist.
I can access other FTP servers, so that is not the problem, and it is definitely accessible on a network without Zeroshell.
It’s really not realistic that I can not have access to drivers/software at work.
Can anyone help?
You must be logged in to reply to this topic.