Author Topic: [SOLVED] EICAR virus test not working  (Read 5352 times)

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
[SOLVED] EICAR virus test not working
« on: April 16, 2013, 04:29:13 pm »
Hi,

I have enabled the antivirus module, but when I visit the EICAR website and try to download one of the virus test files, the antivirus does not block the file. Why is this so please? I have enabled the antivirus module, enabled it in SAMBA and also in the filter profiles but it does not seem to work :S. Thanks
« Last Edit: April 18, 2013, 11:43:44 am by mat1_8 »

christian

  • Guest
Re: EICAR virus test not working
« Reply #1 on: April 16, 2013, 04:38:11 pm »
I just tested again and confirm it works here (Zentyal 2.2)  :) for HTTP but obviously not for HTTPS  8)
BTW Ive tested all files exposed here, just to be sure.

Are you sure you're using proxy ?

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #2 on: April 16, 2013, 04:41:18 pm »
Yepp I am using proxy since I am authenticating the user via proxy too and from the HTTP proxy log file I could see where the user has accessed. When you say HTTP and not HTTPS, what do you mean exactly please? Could I be using HTTPS connection?

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #3 on: April 16, 2013, 04:44:37 pm »
Hmm ok I know what you meant about HTTP or HTTPS... :). If the file gets blocked by the antivirus, what screen does it show please? If possible would it be a problem to provide me with a screenshot please? Thanks

christian

  • Guest
Re: EICAR virus test not working
« Reply #4 on: April 16, 2013, 05:15:24 pm »
here attached  8)

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #5 on: April 17, 2013, 11:22:16 am »
Thanks christian will try it out once I get the other thing sorted....have posted a new topic

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #6 on: April 17, 2013, 01:20:03 pm »
Hi Christian,

Still no luck with the test file. The screenshot which you have attached, the virus is blocked by the antivirus or else by the content filter? The reason is that the category is set to content scanning.

Also, are you using transparent proxy? Mine is not enabled since I am giving the IP address and port of the proxy server manually. Don't know if that does a difference in regard to virus scanning

christian

  • Guest
Re: EICAR virus test not working
« Reply #7 on: April 17, 2013, 01:33:46 pm »
As you may see if you really read what my screen-shot shows, it states:
"Virus or bad content detected"  because anti-virus is indeed active  ;)

In order to speed-up investigation, could you please post screen copy of your HTTP proxy settings?

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #8 on: April 17, 2013, 03:28:02 pm »
Hi Christian,

Sorry for the delay, do you require the configuration file or screenshot of the GUI interface regarding HTTP Proxy? Thanks

christian

  • Guest
Re: EICAR virus test not working
« Reply #9 on: April 17, 2013, 03:32:12 pm »
I guess GUI screenshot is enough if you didn't change conf file manually  ;)

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #10 on: April 17, 2013, 03:39:20 pm »
Attached :)

christian

  • Guest
Re: EICAR virus test not working
« Reply #11 on: April 17, 2013, 04:07:05 pm »
Ah ! you're running Zentyal 3.0  :-X
As far as I remember, there is no option to enable/disable AV content scanning with 3.0
You may look at dansguardian.conf and check whether this is by default enabled or wait for someone using 3.0 to answer.

I've reinstalled 3.0 test box yesterday but not proxy nor anti-virus there. Perhaps later  ;)

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #12 on: April 17, 2013, 04:26:17 pm »
Thanks for your help well hopefully someone will give feedback soon :)

Sam Graf

  • Guest
Re: EICAR virus test not working
« Reply #13 on: April 17, 2013, 05:27:08 pm »
Regrettably my 3.0 test machine is shut down but I can confirm successfully testing against the EICAR files (not HTTPS). If I need to retest for some reason I can (and am willing to) do that, but it will be a day or two before I can bring that machine back on line.

mat1_8

  • Zen Monk
  • **
  • Posts: 99
  • Karma: +0/-1
    • View Profile
Re: EICAR virus test not working
« Reply #14 on: April 18, 2013, 07:59:55 am »
Hi,

Thanks for your interest. I am currently working via virtual machines and don't know if that does a difference? The client machine is in NAT state and therefore needs to use my physical machine as the gateway to the Internet.

When I click on one of the EICAR virus tests, my physical machine antivirus automatically blocks it as malware obviously. In fact I disabled my antivirus because I thought that it was "cleaning" the malware by itself before it arrives on the virtual machine, but still no luck with that. The other thing which I have done is downloaded the blacklist file from Dansguardian website and blacklisted 2 catgeories - malware and virus something.... When I tried to access the virus test files again, these were not allowed since the site is blacklisted. Obviously it does make sense but after all not all malware sites are listed in the blacklist file so I will surely need the antivirus to work properly.