EFW Support

Support => General Support => Topic started by: johnny5 on Saturday 24 March 2012, 01:42:38 pm



Title: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: johnny5 on Saturday 24 March 2012, 01:42:38 pm
I am getting this message when trying to download valid executables:

HAVP - Access Denied

Accesss to the page has been denied

because the following virus was detected
Clamd: Heuristics.Broken.Executable

I am a very new user. Please send simple detailed instructions to disable this so that it doesnt block legitimate downloads.
I have tried adding the domain and also the exact URL to the "do not scan" portion of the HTTP proxy: Antivirus
page.
For example this is blocked:
http: / / evernote.s3.amazonaws.com/win4/public/Evernote_4.5.4.6497.exe

I am simply trying to allow my users to download "evernote"

Thanks,
J5


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: johnny5 on Tuesday 27 March 2012, 05:25:31 am
Does anyone have any idea how to remedy this?


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: johnny5 on Wednesday 28 March 2012, 12:24:09 pm
Is this a bug? Is there a way to set it to ignore "broken executables"?


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: sourcefinder on Monday 16 April 2012, 01:39:31 am
Hi Johnny,

I experienced the same problem and solved it:

- make a new content filter profile. Allow the website form where you need to download your exe-file (in my case: teamviewer.com)
- in Proxy - HTTP - Antivirus mention the same website again
- in proxy - http - management/general (I have the dutch version installed) set the proxy to not-transparent
- very important: save en reboot the Endian!

I'm not sure wether all these steps are nessecary or not, but the combination works!





Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: johnny5 on Thursday 19 April 2012, 11:26:37 pm
Thanks, I will try all but the "not transparent" and see if it works. I do not want to use it in "not transparent" if possible. Do you know if it works if transparent is on, and if not, I wonder why not?


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: vantek on Wednesday 30 May 2012, 03:16:02 am
I was able to fix this problem in 2.5.1 CE by completely eliminating CLAMAV from scanning for broken executables. I'm not sure if the problem is with CLAV or some other function of Endian, but it eliminating this check solved all of my problems with the HTTP proxy service.

The simple way to accomplish this is:

1. Set up Endian to allow SSH connections from the main dashboard. Just choose SSH ACCESS and then click ENABLE SSH ACCESS.
2. Use an SSH client (like Putty) to log into the firewall using it's local IP address. Use "root" for the login and the password you initially assigned the box to login. You should get a shell prompt after this.
3. Run the command "nano /etc/clamav/clamd.conf.tmpl"
4. Scroll down to the line that says "DetectBrokenExecutables yes"
5. Change the line to "DetectBrokenExecutables no"
6. Press CNTL+O then CNTL+X. You should be taken back to the command line. You can type "logout" to quit the SSH client.
7. Unless you need it, go back to the web interface and turn the SSH server back off.
8. Reboot - Even after updating, rebooting, etc. Endian will no longer check for broken executables.

This solved all of my HTTP downloading problems, as well as problems with Windows computers on the network downloading Windows updates. I think that the broken executables test gives a LOT of false positives. I doubt that it makes much of a difference when it comes to detecting any type of virus with CLAMAV, so there should be little to no downside to eliminating the test. Hope it works for you.

WVH


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: roberto_barao on Tuesday 26 June 2012, 07:05:20 am
Thanks, I followed your explanation and everything went right.
[/quote]


Title: Re: HAVP Access Denied Clamd: Heuristics.Broken.Executable
Post by: gmurz on Friday 23 August 2013, 05:10:51 pm
Thanks,   this solved my Probelms with downloading adobe reader and flash updates....