› Forums › Network Management › Signal a BUG › Epson Support FTP Server flagged as containing a virus!
- This topic is empty.
-
AuthorPosts
-
June 27, 2014 at 9:51 am #43975
rharrison
MemberHello Fulvio & all,
I have discovered that with the usage of HAVP Proxy + ClamAV, that the anti-virus is incorrectly marking some sites as infected by the following:
11:31:57 192.168.0.155 GET 200 http://www.epson.co.uk/files/headfiles/2014-06/frameheadfiles_2014-06-16_type=js;hash=148241478039;mini=1;rtl=0;right=right;left=left;lc=en_106.js 321+781535 VIRUS ClamAV: HTML.Exploit.CVE_2014_0322
Which is probably because the site in question uses minified JavaScript files.
This had caused a few problems.
1. I can access Epson support, but no download links will function.
2. It is impossible to access the FTP server directly.
3. The above is always true even with HAVP + Clamav disabled.
4. Clamav is outdated (which may be causing this behaviour: http://stackoverflow.com/questions/24436332/virus-warning-for-the-latest-phpmyadmin-html-exploit-cve-2014-0322), and I have no way to upgrade:
23:39:02 Received signal: wake up
23:39:02 ClamAV update process started at Wed Jun 25 23:39:02 2014
23:39:02 Your ClamAV installation is OUTDATED!
23:39:02 Local version: 0.97.8 Recommended version: 0.98.4
23:39:02 DON’T PANIC! Read http://www.clamav.net/support/faq
23:39:02 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
23:39:33 nonblock_connect: connect timing out (30 secs)
23:39:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
23:39:33 getfile: daily-19131.cdiff not found on remote server (IP: 150.214.142.197)
23:39:33 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
23:40:03 nonblock_connect: connect timing out (30 secs)
23:40:03 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
23:40:03 Trying host db.ES.clamav.net (194.65.79.153)…
23:40:03 getfile: daily-19131.cdiff not found on remote server (IP: 194.65.79.153)
23:40:03 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
23:40:33 nonblock_connect: connect timing out (30 secs)
23:40:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
23:40:33 Trying host db.ES.clamav.net (80.80.88.40)…
23:40:34 Downloading daily-19131.cdiff [100%]
23:40:41 daily.cld updated (version: 19131, sigs: 1054262, f-level: 63, builder: neo)
23:40:41 bytecode.cld is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
23:40:51 Database updated (3478533 signatures) from db.ES.clamav.net (IP: 80.80.88.40)5. A seeming inability to unblock the ip/website in question, I am now permanently unable to access Epson downloads – even with the whitelist.
I can access other FTP servers, so that is not the problem, and it is definitely accessible on a network without Zeroshell.
It’s really not realistic that I can not have access to drivers/software at work.
Can anyone help?
Richard
-
AuthorPosts
- You must be logged in to reply to this topic.