Can't download exe's: Antivirus scanning failed (Object is corrupted)
  •  
winkelman

Messages: 2119
Karma: 3
Whenever I try to download executables, it will download to 99% and then fail. At that time the McAfee on the KWF kicks in to check the file for viruses, and that fails with the following error in the warning log (here trying to download a Novell Client):
Quote:

Antivirus scanning failed (Object is corrupted) for user xxxxxxx at xxx.xxx.xxx.xxx, HTTP file http://files4.novell.com/prot/iPKBIq2DPVI~/clnt491sp1e.exe

This happens with all exe-files.

I do not download exe's very often, but it did work in the past. Maybe this is an error with 6.1.1 (did not install 6.1.2 yet)?

Current McAfee scan engine is 4.4.00 with virus database version 4576.

Anybody else experiencing this? Know a solution?
  •  
feite

Messages: 523
Karma: 0
Are those files password protected? If so, they cannot be scanned. You can create an excluded rule for the specific file.
  •  
winkelman

Messages: 2119
Karma: 3
feite wrote on Thu, 08 September 2005 21:10

Are those files password protected? If so, they cannot be scanned. You can create an excluded rule for the specific file.

No, they are not password protected...

I upgraded KWF to 6.1.2 yesterday evening. I am going to check later if it now works (as it used to in the past). I'll come back and post my findings...
  •  
winkelman

Messages: 2119
Karma: 3
After upgrading KWF, test failed :(

Warning log:
Quote:

[09/Sep/2005 12:17:03] (3002) Antivirus scanning failed (Object is corrupted) for user xxxxx at x.x.x.x, HTTP file http://cache.novell.com/cached/2ss2JIYshRc~/clnt491e.exe


I am now running KWF 6.1.2, McAfee virus database 4577 and scanning engine 4.4.00.

Could someone else try to download this Novell client (with internal McAfee virus scanning on the KWF) at http://download.novell.com/SummaryFree.jsp?buildid=2ss2JIYshRc~ (24.8Mb)? Just downloading, straight to the Recycle Bin if you like :P, no need to run or something like that. This would help me in determining if it is a problem of KWF in general or just with my configuration.

Thanks!
  •  
feite

Messages: 523
Karma: 0
I downloaded the file for you. Same result:

[09/Sep/2005 14:23:00] (3002) Antivirus scanning failed (Object is corrupted) for user xxxx at xxx.xxx.xxx.xxx, HTTP file http://cache.novell.com/cached/2ss2JIYshRc~/clnt491e.exe.

You could try this file also:

http://ftp1.businessobjects.com/outgoing/products/evalxi/CRXISerEn.exe

It's a 1G file (Crystal Reports). When the download reaches 99% and anti-virus kicks in, the CPU usage of the firewall goes to 100%, the throughput goes down and new connections are denied. Did try this download many times and once waited for 1 hour... Reboot was needed every time.

Analysing the problem with Process Explorer showed that a thread of KWF was consuming all CPU resources (the thread that was scanning the file). I reported the problem on 13 April 2005 (ticket GET-27953) and since 25 July known as bug 10698.

The last thing I heard it was a problem with the McAfee scan engine and that it was fixed. I was told that version 5.0.00 was now available. Cannot find it on the site of McAfee nor is it part of the new version of KWF...

Feite
  •  
KCAP

Messages: 94
Karma: 2
Here also the same result when downloading the file...

Teun
KCAP [NL]
  •  
winkelman

Messages: 2119
Karma: 3
Thanks for testing! 8)

Obviously a KWF problem. (Maybe it's McAfee, but that's for Kerio to deal with, I'm a Kerio customer, not McAfee.)

It seems to mostly happen to large files. However, I also have small (~2.5Mb) exe-files that give the same error. On the other hand, some other, larger exe-files (~8Mb) will go OK.

I am sure that with some older KWF versions I was perfectly able to download large exe-files, so somewhere this error sneaked in.

Quote:

I reported the problem on 13 April 2005 (ticket GET-27953)

That's 5 months ago. Seems a very very long time to not fix such a big problem!

I will also submit a bug report. You too, kcap? Maybe the more bug reports, the more attention it will get.
  •  
FRiC

Messages: 56
Karma: 0
I tried downloading that file with no problems, but I'm using KWF with the Alwil avast! plug-in. After downloading I scanned the file with a local copy of F-Secure Client Security. No viruses found...
  •  
winkelman

Messages: 2119
Karma: 3
FRiC wrote on Mon, 12 September 2005 03:51

I tried downloading that file with no problems, but I'm using KWF with the Alwil avast! plug-in. After downloading I scanned the file with a local copy of F-Secure Client Security. No viruses found...


Thanks for testing, that confirms it is a problem with the current, internal McAfee anti virus...
  •  
winkelman

Messages: 2119
Karma: 3
Update:

Last Friday afternoon I submitted a ticket on this issue. I got a quick response from John Jones (Kerio):
Quote:

McAfee Engineering have said that the DAT changes should be in the current DATs; please update your virus checker.

I asked him what he meant by this. I mean, updates are downloaded by KWF itself? Right? I don't know about DATs etc. I asked for clarification.

I did not get that (yet), but this morning David Thorne (Kerio) asked me:
Quote:

Can you try going to the link below and letting us know of the results?
http://nai-update.kerio.com/nai-antivirus/datfiles/4.x/test.html

When I follow this link, I get "Test was successful."

I don't know what was actually tested, but I let David know this result... Do you also get "Test was successful."?
  •  
FRiC

Messages: 56
Karma: 0
It also says "Test was successful." for me. I don't think it really tests anything. :P
  •  
winkelman

Messages: 2119
Karma: 3
Last I heard the test is just about being able (or not) to download virus definition updates...
  •  
Petr Dobry (Kerio)

Messages: 776
Karma: 61
winkelman wrote on Tue, 13 September 2005 11:49

Last I heard the test is just about being able (or not) to download virus definition updates...

That's right. This link is only to test that you're able to contact the update server.

Petr Dobry
Product Development Manager | Kerio
  •  
Petr Dobry (Kerio)

Messages: 776
Karma: 61
feite wrote on Fri, 09 September 2005 14:34

It's a 1G file (Crystal Reports). When the download reaches 99% and anti-virus kicks in, the CPU usage of the firewall goes to 100%, the throughput goes down and new connections are denied. Did try this download many times and once waited for 1 hour... Reboot was needed every time.

It takes a lot of time to scan a 1G file for viruses. That's why you can limit the maximum file size to scan with antivirus.

Anyway, we're working on a solution to avoid 100% CPU utilization and performance issues in cases like this.


Petr Dobry
Product Development Manager | Kerio
  •  
Petr Dobry (Kerio)

Messages: 776
Karma: 61
winkelman wrote on Fri, 09 September 2005 16:58

Thanks for testing! 8)

Obviously a KWF problem. (Maybe it's McAfee, but that's for Kerio to deal with, I'm a Kerio customer, not McAfee.)

It seems to mostly happen to large files. However, I also have small (~2.5Mb) exe-files that give the same error. On the other hand, some other, larger exe-files (~8Mb) will go OK.

Yes, it seems there is some problem in the McAfee engine. That file is a self-extracting zip archive and the McAfee scan will fail with the error "Object is corrupted". Do you have links to other files which do the same? I guess this affects only self-extracting files.

A bug was filed for this.

Petr Dobry
Product Development Manager | Kerio
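
Petr Dobry's last post ties the "Object is corrupted" failure to self-extracting ZIP archives and asks for other files that behave the same way. As an added example (not part of the thread, and not Kerio or McAfee code), the following Python checks whether a downloaded .exe is an MZ executable with a ZIP archive appended and how large the executable stub in front of the archive is; the function names and the sample stub are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_MIN = 22              # fixed EOCD size, without the optional comment
MAX_COMMENT = 0xFFFF       # the EOCD comment is at most 65535 bytes


def classify_exe(data: bytes) -> dict:
    """Report whether `data` is an MZ executable with a ZIP archive appended."""
    result = {"mz": data[:2] == b"MZ", "zip": False, "stub_size": None, "entries": 0}
    # The EOCD record sits near the end of the file, so search the tail backwards.
    tail_start = max(0, len(data) - (EOCD_MIN + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, tail_start)
    if pos < 0 or pos + EOCD_MIN > len(data):
        return result
    (_sig, _disk, _cd_disk, _n_disk, n_total,
     cd_size, cd_offset, comment_len) = struct.unpack("<4s4H2LH", data[pos:pos + EOCD_MIN])
    if pos + EOCD_MIN + comment_len > len(data):
        return result  # declared comment runs past the end of the file
    # Offsets in the EOCD are relative to the archive start, so the difference
    # between where the central directory is and where the EOCD says it is
    # equals the number of bytes (the extractor stub) placed in front of the ZIP.
    stub_size = pos - cd_size - cd_offset
    if stub_size < 0:
        return result
    result.update(zip=True, stub_size=stub_size, entries=n_total)
    return result


def make_sample_sfx(stub: bytes) -> bytes:
    """Constructed sample: `stub` followed by a small ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.txt", "constructed payload\n")
    return stub + buf.getvalue()


if __name__ == "__main__":
    stub = b"MZ" + b"\x00" * 510   # constructed stub, not a real PE image
    for name, blob in (("sfx", make_sample_sfx(stub)), ("plain", stub)):
        print(name, classify_exe(blob))
```

Running `classify_exe` over the bytes of each download that triggers the warning shows whether the failures line up with self-extracting archives or also hit ordinary executables.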