|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Any Trendmicro Viruswall users here?
We had the same .pdf problem. Trend recommended upgrading to version 3.4 and doing the following (from Trend): Add the following text into the firewall configuration file (usually this file is in this path, 'winnt/fw1/4.1/conf/objects.C') <1>.Stop the firewall service by the services in the control console. <2>.Open this file, find this word 'props'. Then add these lines under 'props'. :http_allow_ranges (true) :http_cvp_allow_chunked (true) :http_ing_allow_chunked (true) :http_force_down_to_10 (true) :http_block_java_allow_chunked (true) <3>. Restart the firewall. <4>. Reinstall the policies again. You will obviously have to make this change in the appropriate file for a Solaris system. We haven't had any problems with .pdf files since. -Emily Carrico -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, November 14, 2000 12:01 PM To: '[email protected]' Subject: Re: [FW1] Any Trendmicro Viruswall users here? Jorg, We have been having a very similar problem to the one you described. However we have only seen the effect on .pdf files. When fetched via HTTP they sometimes arrive at the browser plugin viewer corrupted and will not display. Trendmicro have made a number of suggestions including that it may be a problem of HTTP 1.1 not being handled correctly by FW-1; I haven't managed to check this yet. We are running FW-1 4.1 SP1 (I can't run SP2 because it seems to block zipped files being loaded via HTTP) on Solaris 7, and Interscan Viruswall 3.5 build 1079, but we are running it on the same machine as the FW. I haven't done such a thorough test as you, but I have seen that once a file gets corrupted, then we cannot get it again for a while. Sorry that I don't have a solution to offer. Oliver PS. I take it you have not seen any other problems upgrading to SP2? > Date: Mon, 13 Nov 2000 15:32:21 +0100 (MET) > From: Joerg Oertel <[email protected]> > Subject: Re: [FW1] Any Trendmicro Viruswall users here? > > Guys, > > let me explain our problem. We're using Trendmicro's > Interscan Viruswall CVP Server. It's running in conjunction with > CheckPoint's FW-1 v4.1 SP2 on the same machine, a Sun Enterprise > Server 250 with 2 CPUs and 512 MB of RAM and Solaris 2.6. We're > using the CVP version of Viruswall. > > Our experiments are done with a second Viruswall installation on a > server different from the firewall machine. This is also a > multiprocessor sparc computer (e450, 4 CPUs, lots of memory) running > solaris 2.6. The behaviour of both setups is the same. > > Since about the time we upgraded from FW-1 V 4.0 SP5 to Checkpoint > 2000 (a.k.a. FW-1 V 4.1 SP1) and the following installation of SP2, > we're experiencing corrupted files after the virus scanning. > > The most reproduceable case is a HTTP download, where, if a file gets > corrupted once, it will never go through undamaged. We found out, that > the original download from the server to the interscan host is > complete: > iscvpAAPmfdq6h 11292480 > This is the original filesize (11292138 bytes) plus the HTTP header > (342 bytes). > The file after the scan is also complete: > iscvpBAPnfdq6h 11292138 > but now the HTTP header is missing. We believe that this is intended. > While the download is proceeding, the second file disappears from the > directory. This leads us to the conclusion, that not the scanned file, > but the original file is sent back to the firewall after the scanning > is complete. > > However, the file arrives corrupted. I've made 6 test runs and the > results are 11273578, 11272938, 11273322, 11273450, 11273322 and > 11273450 bytes. > > Something similar happens to attached .xls and .doc files, though I > wasn't able to reproduce that. I'm still waiting for a damaged file > along with the undamaged original to do further investigations. > > > Has anybody similar problems? > > Kind regards, > > Jörg ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
