Epson Support FTP Server flagged as containing a virus!

Forums Network Management Signal a BUG Epson Support FTP Server flagged as containing a virus!

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • June 27, 2014 at 9:51 am #43975
    rharrison
    Member

    Hello Fulvio & all,

    I have discovered that with the usage of HAVP Proxy + ClamAV, that the anti-virus is incorrectly marking some sites as infected by the following:

    11:31:57 192.168.0.155 GET 200 http://www.epson.co.uk/files/headfiles/2014-06/frameheadfiles_2014-06-16_type=js;hash=148241478039;mini=1;rtl=0;right=right;left=left;lc=en_106.js 321+781535 VIRUS ClamAV: HTML.Exploit.CVE_2014_0322

    Which is probably because the site in question uses minified JavaScript files.

    This had caused a few problems.

    1. I can access Epson support, but no download links will function.

    2. It is impossible to access the FTP server directly.

    3. The above is always true even with HAVP + Clamav disabled.

    4. Clamav is outdated (which may be causing this behaviour: http://stackoverflow.com/questions/24436332/virus-warning-for-the-latest-phpmyadmin-html-exploit-cve-2014-0322), and I have no way to upgrade:

    23:39:02 Received signal: wake up
    23:39:02 ClamAV update process started at Wed Jun 25 23:39:02 2014
    23:39:02 Your ClamAV installation is OUTDATED!
    23:39:02 Local version: 0.97.8 Recommended version: 0.98.4
    23:39:02 DON’T PANIC! Read http://www.clamav.net/support/faq
    23:39:02 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    23:39:33 nonblock_connect: connect timing out (30 secs)
    23:39:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
    23:39:33 getfile: daily-19131.cdiff not found on remote server (IP: 150.214.142.197)
    23:39:33 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
    23:40:03 nonblock_connect: connect timing out (30 secs)
    23:40:03 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
    23:40:03 Trying host db.ES.clamav.net (194.65.79.153)…
    23:40:03 getfile: daily-19131.cdiff not found on remote server (IP: 194.65.79.153)
    23:40:03 getpatch: Can’t download daily-19131.cdiff from db.ES.clamav.net
    23:40:33 nonblock_connect: connect timing out (30 secs)
    23:40:33 Can’t connect to port 80 of host db.ES.clamav.net (IP: 82.194.71.224)
    23:40:33 Trying host db.ES.clamav.net (80.80.88.40)…
    23:40:34 Downloading daily-19131.cdiff [100%]
    23:40:41 daily.cld updated (version: 19131, sigs: 1054262, f-level: 63, builder: neo)
    23:40:41 bytecode.cld is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
    23:40:51 Database updated (3478533 signatures) from db.ES.clamav.net (IP: 80.80.88.40)

    5. A seeming inability to unblock the ip/website in question, I am now permanently unable to access Epson downloads – even with the whitelist.

    I can access other FTP servers, so that is not the problem, and it is definitely accessible on a network without Zeroshell.

    It’s really not realistic that I can not have access to drivers/software at work.

    Can anyone help?

    Richard

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.