
DrWeb11-RosaLinux2016KDE- Web Filter not working


23 replies to this topic

#1 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 04 March 2019 - 10:28

Web filtering with DrWeb11 under Rosa Linux 2016 is not working ... for example - if social networks are blocked i still can contact FB, VK ... - also putting these sites to the blacklist does not bring any results



#2 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 04 March 2019 - 10:35

i still can contact FB, VK

through http or https?



#3 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 04 March 2019 - 10:48

i am not sure - SSL/TLS interception is not activated - i was not able to get it working with thunderbird - root cert is installed but i still was not able to connect to google mail services - so i deactivated this feature - because i don't know how the prebuilt filters are done within DrWeb i cannot answer your question in a better way



#4 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 04 March 2019 - 11:55

SSL/TLS interception is not activated

So, you can contact FB, VK via https



#5 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 04 March 2019 - 12:16

Dear "Dr.Web Staff" :-)

- yes, it's possible both ways - in the meantime i "triple-checked" with:

Chromium (Version 71.0.3578.98 (Сборка ROSA) ROSA 2016.1 (64-Bit)), Firefox 64.0.2 and my favourite browser Vivaldi (2.3.1440.48 (Stable channel) (64-Bit))

Thunderbird is 52.9.1

Both root certs are installed (For Mozilla Firefox and Thunderbird) also in Chromium.

I have also made a check with SSL/TLS enabled and disabled in Dr. Web - no difference at all - the addresses in the blacklist are both http and https

For your additional information: i work with Kernel 4.15 on an AMD

Thank you for your time!



#6 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 04 March 2019 - 13:48

Sorry, quickly I tried to reproduce your problem only on ROSA Desktop Fresh R9 release 2016.1 for i586 (kernel 4.9.20) with Firefox firefox-52.0.2-1.

As you can see, in this case we can block sites with https.

You can read how to configure product here

https://download.geo.drweb.com/pub/drweb/unix/workstation/11.1/documentation/html/en/index.html?dw_8_gui_settings_network.htm

Attached files:

  • Attached file  1.png   194,34K   0 downloads

Edited by Igorn: 04 March 2019 - 13:49


#7 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 04 March 2019 - 17:01

Dear Igorn, same settings here in Rosa R10 - BUT in reality the result does not work - please see at the images - kind regards, TP



#8 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 09:25

Sorry - here are the actual screenshots - any clues?

Attached files:



#9 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 05 March 2019 - 09:58

Please, show output of the following commands:

#drweb-ctl li -d

#drweb-ctl ap

#drweb-ctl cfshow linuxfirewall

#drweb-ctl -v


Edited by Igorn: 05 March 2019 - 10:00


#10 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 11:12

thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl li -d
Debug: Use ConfigD public socket "/var/run/.com.drweb.public"
Debug: ConfigD <-- SUBSCRIBE_TO_KEY
Debug: ConfigD --> KEY_NOTIFICATION
Notice: License number 132326383, expires 2020-Jul-12 18:10:58 (495 days left)
Debug: Activated: 2016-Nov-09 17:10:58
Debug: Allows start (scanner spider gate)
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl ap
ConfigD; 5368; RUNNING 1; Installed (ConfigD ScanEngine FileCheck Update ESAgent NetCheck GateD MailD Antispam CloudD MeshD LinuxGUI LinuxSpider LinuxFirewall), Should run (Update LinuxSpider LinuxFirewall)
ScanEngine; 6422; RUNNING 1; Core engine 7.00.34.11020, 7518616 virus records, max forks 24
FileCheck; 6367; RUNNING 1
Update; 6239; RUNNING 1
GateD; 6587; RUNNING 1
CloudD; 6937; RUNNING 1
MeshD; 6889; RUNNING 1
LinuxSpider; 6240; RUNNING 1; Mode Fanotify
LinuxFirewall; 6241; RUNNING 1
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl cfshow linuxfirewall
LinuxFirewall.LogLevel = Notice
LinuxFirewall.Log = Auto
LinuxFirewall.ExePath = /opt/drweb.com/bin/drweb-firewall
LinuxFirewall.AutoconfigureIptables = Yes
LinuxFirewall.AutoconfigureRouting = Yes
LinuxFirewall.LocalDeliveryMark = Auto
LinuxFirewall.ClientPacketsMark = Auto
LinuxFirewall.ServerPacketsMark = Auto
LinuxFirewall.TproxyListenAddress = 127.0.0.1:0
LinuxFirewall.OutputDivertEnable = Yes
LinuxFirewall.OutputDivertNfqueueNumber = Auto
LinuxFirewall.OutputDivertConnectTransparently = No
LinuxFirewall.InputDivertEnable = No
LinuxFirewall.InputDivertNfqueueNumber = Auto
LinuxFirewall.InputDivertConnectTransparently = Yes
LinuxFirewall.ForwardDivertEnable = No
LinuxFirewall.ForwardDivertNfqueueNumber = Auto
LinuxFirewall.ForwardDivertConnectTransparently = No
LinuxFirewall.Whitelist =
LinuxFirewall.Blacklist = www.facebook.com
LinuxFirewall.Blacklist = facebook.com
LinuxFirewall.Blacklist = ok.facebook.com
LinuxFirewall.Blacklist = www.ok.facebook.com
LinuxFirewall.Blacklist = a.ok.facbook.com
LinuxFirewall.Blacklist = facebook.com.au
LinuxFirewall.Blacklist = www.facebook.com.au
LinuxFirewall.Blacklist = nl-nl.facebook.com
LinuxFirewall.Blacklist = www.nl-nl.facebook.com
LinuxFirewall.Blacklist = facebook.nl
LinuxFirewall.Blacklist = www.facebook.nl
LinuxFirewall.Blacklist = login.facebook.com.au
LinuxFirewall.Blacklist = www.login.facebook.com.au
LinuxFirewall.Blacklist = www-10-01-snc2.facebook.com
LinuxFirewall.Blacklist = www-11-01-snc2.facebook.com
LinuxFirewall.Blacklist = www-10-03-ash1.facebook.com
LinuxFirewall.Blacklist = www-12-08-ash1.facebook.com
LinuxFirewall.Blacklist = www-13-08-ash1.facebook.com
LinuxFirewall.Blacklist = static.ak.fbcdn.net
LinuxFirewall.Blacklist = www.static.ak.fbcdn.net
LinuxFirewall.Blacklist = login.facebook.com
LinuxFirewall.Blacklist = www.login.facebook.com
LinuxFirewall.Blacklist = login.facebook.com.nl
LinuxFirewall.Blacklist = www.login.facebook.com.nl
LinuxFirewall.Blacklist = fbcdn.net
LinuxFirewall.Blacklist = www.fbcdn.net
LinuxFirewall.Blacklist = fbcdn.com
LinuxFirewall.Blacklist = www.fbcdn.com
LinuxFirewall.Blacklist = ads.ak.facebook.com
LinuxFirewall.Blacklist = www.ads.ak.facebook.com
LinuxFirewall.Blacklist = www.static.ak.connect.facebook.com
LinuxFirewall.InspectHttp = Yes
LinuxFirewall.InspectPop3 = Yes
LinuxFirewall.InspectImap = Yes
LinuxFirewall.InspectSmtp = Yes
LinuxFirewall.ExcludedProc = 
LinuxFirewall.UnwrapSsl = No
LinuxFirewall.BlockUnchecked = No
LinuxFirewall.BlockInfectionSource = Yes
LinuxFirewall.BlockNotRecommended = Yes
LinuxFirewall.BlockAdultContent = No
LinuxFirewall.BlockViolence = Yes
LinuxFirewall.BlockWeapons = Yes
LinuxFirewall.BlockGambling = Yes
LinuxFirewall.BlockDrugs = Yes
LinuxFirewall.BlockObsceneLanguage = Yes
LinuxFirewall.BlockChats = No
LinuxFirewall.BlockTerrorism = Yes
LinuxFirewall.BlockFreeEmail = No
LinuxFirewall.BlockSocialNetworks = Yes
LinuxFirewall.BlockDueToCopyrightNotice = Yes
LinuxFirewall.BlockOnlineGames = Yes
LinuxFirewall.BlockAnonymizers = No
LinuxFirewall.BlockCryptocurrencyMiningPools = Yes
LinuxFirewall.BlockKnownVirus = Yes
LinuxFirewall.BlockSuspicious = Yes
LinuxFirewall.BlockAdware = Yes
LinuxFirewall.BlockDialers = Yes
LinuxFirewall.BlockJokes = Yes
LinuxFirewall.BlockRiskware = Yes
LinuxFirewall.BlockHacktools = Yes
LinuxFirewall.ScanTimeout = 30s
LinuxFirewall.HeuristicAnalysis = On
LinuxFirewall.PackerMaxLevel = 8
LinuxFirewall.ArchiveMaxLevel = 8
LinuxFirewall.MailMaxLevel = 8
LinuxFirewall.ContainerMaxLevel = 8
LinuxFirewall.MaxCompressionRatio = 500
LinuxFirewall.RuleSet0 = 
LinuxFirewall.RuleSet1 =  : set UnwrapSSL = false
LinuxFirewall.RuleSet1 = divert output : set HttpTemplatesDir = "output"
LinuxFirewall.RuleSet1 = divert input : set HttpTemplatesDir = "input"
LinuxFirewall.RuleSet1 = divert forward : set HttpTemplatesDir = "output"
LinuxFirewall.RuleSet1 =  : set MailTemplatesDir = "firewall"
LinuxFirewall.RuleSet2 = 
LinuxFirewall.RuleSet3 = 
LinuxFirewall.RuleSet4 = 
LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Blacklist" : BLOCK as BlackList
LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Whitelist" : PASS
LinuxFirewall.RuleSet6 = 
LinuxFirewall.RuleSet7 = protocol in (Http), direction request, url_category in "LinuxFirewall.BlockCategory" : BLOCK as _match
LinuxFirewall.RuleSet8 = 
LinuxFirewall.RuleSet9 = protocol in (Http), divert input, direction request, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match
LinuxFirewall.RuleSet9 = protocol in (Http), direction response, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match
LinuxFirewall.RuleSet9 = protocol in (Smtp), threat_category in "LinuxFirewall.BlockThreat" : REJECT
LinuxFirewall.RuleSet9 = protocol in (Smtp), url_category in "LinuxFirewall.BlockCategory" : REJECT
LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), threat_category in "LinuxFirewall.BlockThreat" : REPACK as _match
LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), url_category in "LinuxFirewall.BlockCategory" : REPACK as _match
LinuxFirewall.RuleSet10 = 
LinuxFirewall.InterceptHook = local dwl = require 'drweb.lookup'
function intercept_hook(ctx)
    -- do not check if group == Root.TrustedGroup
    if ctx.divert == "output" and ctx.group == "drweb"
    then
        return "pass"
    end
    -- do not check connections from privileged ports
    if ctx.src.port >= 0 and ctx.src.port <= 1024
    then
        return "pass"
    end
    return "check"
end
 
LinuxFirewall.XtablesLockPath = 
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drwe-ctl -v
bash: drwe-ctl: Kommando nicht gefunden.
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl -v
drweb-ctl 11.1.0.1902221854
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ 


#11 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 05 March 2019 - 11:48

LinuxFirewall.UnwrapSsl = No

First of all, change it to "Yes" (for example, via settings in drweb-gui)
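
Added example, not part of the thread and not Dr.Web code: a small parser for the "drweb-ctl cfshow linuxfirewall" output posted above (repeated keys, empty values, the multi-line InterceptHook) that flags the settings this exchange turns on. SAMPLE is a constructed, abbreviated copy of that output; the function names and the list of checks are assumptions of this example.

```python
import re

# Constructed sample: abbreviated copy of the cfshow output posted in the thread
# (most keys and Blacklist entries omitted).
SAMPLE = '''\
LinuxFirewall.Blacklist = www.facebook.com
LinuxFirewall.Blacklist = facebook.com
LinuxFirewall.InspectHttp = Yes
LinuxFirewall.UnwrapSsl = No
LinuxFirewall.BlockSocialNetworks = Yes
LinuxFirewall.RuleSet0 =
LinuxFirewall.RuleSet1 =  : set UnwrapSSL = false
LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Blacklist" : BLOCK as BlackList
LinuxFirewall.InterceptHook = local dwl = require 'drweb.lookup'
function intercept_hook(ctx)
    return "check"
end

LinuxFirewall.XtablesLockPath =
'''

KEY_LINE = re.compile(r"^LinuxFirewall\.(\w+) =\s?(.*)$")


def parse_cfshow(text):
    """Return {key: [values]}. Repeated keys accumulate; lines that do not
    start a new key (the Lua body of InterceptHook) extend the last value."""
    cfg, last = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()          # the pasted output carries trailing spaces
        m = KEY_LINE.match(line)
        if m:
            last = cfg.setdefault(m.group(1), [])
            last.append(m.group(2).strip())
        elif last is not None and line:
            last[-1] += "\n" + line
    return cfg


def first(cfg, key, default=""):
    vals = cfg.get(key, [])
    return vals[0] if vals else default


def https_filter_findings(cfg):
    """Settings that keep the Http blacklist rules from reaching HTTPS traffic
    (checks chosen for this example, following the staff replies)."""
    findings = []
    rules = [r for k, v in cfg.items() if k.startswith("RuleSet") for r in v if r]
    unwrap = first(cfg, "UnwrapSsl").lower() == "yes"
    if first(cfg, "InspectHttp").lower() != "yes":
        findings.append("InspectHttp is off")
    if not unwrap:
        findings.append("UnwrapSsl is off: HTTPS is not decrypted for inspection")
    rule_flags = [m.group(1).lower() for r in rules
                  for m in [re.search(r"set UnwrapSSL = (\w+)", r)] if m]
    if any((f == "true") != unwrap for f in rule_flags):
        findings.append("a RuleSet sets UnwrapSSL differently from UnwrapSsl")
    if any(cfg.get("Blacklist", [])) and not any(
            '"LinuxFirewall.Blacklist"' in r for r in rules):
        findings.append("Blacklist has entries but no rule references it")
    return findings


if __name__ == "__main__":
    cfg = parse_cfshow(SAMPLE)
    print(len(cfg["Blacklist"]), "blacklisted hosts")
    for finding in https_filter_findings(cfg):
        print("finding:", finding)
```

An empty findings list only means these keys are consistent; it says nothing about whether the browser trusts and actually receives the SpIDer Gate certificate.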



#12 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 11:58

thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl li -d
Debug: Use ConfigD public socket "/var/run/.com.drweb.public"
Debug: ConfigD <-- SUBSCRIBE_TO_KEY
Debug: ConfigD --> KEY_NOTIFICATION
Notice: License number 132326383, expires 2020-Jul-12 18:10:58 (495 days left)
Debug: Activated: 2016-Nov-09 17:10:58
Debug: Allows start (scanner spider gate)
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl ap
ConfigD; 5485; RUNNING 1; Installed (ConfigD ScanEngine FileCheck Update ESAgent NetCheck GateD MailD Antispam CloudD MeshD LinuxGUI LinuxSpider LinuxFirewall), Should run (Update LinuxSpider LinuxFirewall)
ScanEngine; 6578; RUNNING 1; Core engine 7.00.34.11020, 7518616 virus records, max forks 24
FileCheck; 6522; RUNNING 1
Update; 6395; RUNNING 1
GateD; 6702; RUNNING 1
CloudD; 7095; RUNNING 1
MeshD; 7047; RUNNING 1
LinuxSpider; 6396; RUNNING 1; Mode Fanotify
LinuxFirewall; 6397; RUNNING 1
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl cfshow linuxfirewall
LinuxFirewall.LogLevel = Notice
LinuxFirewall.Log = Auto
LinuxFirewall.ExePath = /opt/drweb.com/bin/drweb-firewall
LinuxFirewall.AutoconfigureIptables = Yes
LinuxFirewall.AutoconfigureRouting = Yes
LinuxFirewall.LocalDeliveryMark = Auto
LinuxFirewall.ClientPacketsMark = Auto
LinuxFirewall.ServerPacketsMark = Auto
LinuxFirewall.TproxyListenAddress = 127.0.0.1:0
LinuxFirewall.OutputDivertEnable = Yes
LinuxFirewall.OutputDivertNfqueueNumber = Auto
LinuxFirewall.OutputDivertConnectTransparently = No
LinuxFirewall.InputDivertEnable = No
LinuxFirewall.InputDivertNfqueueNumber = Auto
LinuxFirewall.InputDivertConnectTransparently = Yes
LinuxFirewall.ForwardDivertEnable = No
LinuxFirewall.ForwardDivertNfqueueNumber = Auto
LinuxFirewall.ForwardDivertConnectTransparently = No
LinuxFirewall.Whitelist = 
LinuxFirewall.Blacklist = www.facebook.com
LinuxFirewall.Blacklist = facebook.com
LinuxFirewall.Blacklist = ok.facebook.com
LinuxFirewall.Blacklist = www.ok.facebook.com
LinuxFirewall.Blacklist = a.ok.facbook.com
LinuxFirewall.Blacklist = facebook.com.au
LinuxFirewall.Blacklist = www.facebook.com.au
LinuxFirewall.Blacklist = nl-nl.facebook.com
LinuxFirewall.Blacklist = www.nl-nl.facebook.com
LinuxFirewall.Blacklist = facebook.nl
LinuxFirewall.Blacklist = www.facebook.nl
LinuxFirewall.Blacklist = login.facebook.com.au
LinuxFirewall.Blacklist = www.login.facebook.com.au
LinuxFirewall.Blacklist = www-10-01-snc2.facebook.com
LinuxFirewall.Blacklist = www-11-01-snc2.facebook.com
LinuxFirewall.Blacklist = www-10-03-ash1.facebook.com
LinuxFirewall.Blacklist = www-12-08-ash1.facebook.com
LinuxFirewall.Blacklist = www-13-08-ash1.facebook.com
LinuxFirewall.Blacklist = static.ak.fbcdn.net
LinuxFirewall.Blacklist = www.static.ak.fbcdn.net
LinuxFirewall.Blacklist = login.facebook.com
LinuxFirewall.Blacklist = www.login.facebook.com
LinuxFirewall.Blacklist = login.facebook.com.nl
LinuxFirewall.Blacklist = www.login.facebook.com.nl
LinuxFirewall.Blacklist = fbcdn.net
LinuxFirewall.Blacklist = www.fbcdn.net
LinuxFirewall.Blacklist = fbcdn.com
LinuxFirewall.Blacklist = www.fbcdn.com
LinuxFirewall.Blacklist = ads.ak.facebook.com
LinuxFirewall.Blacklist = www.ads.ak.facebook.com
LinuxFirewall.Blacklist = www.static.ak.connect.facebook.com
LinuxFirewall.InspectHttp = Yes
LinuxFirewall.InspectPop3 = Yes
LinuxFirewall.InspectImap = Yes
LinuxFirewall.InspectSmtp = Yes
LinuxFirewall.ExcludedProc = 
LinuxFirewall.UnwrapSsl = Yes
LinuxFirewall.BlockUnchecked = No
LinuxFirewall.BlockInfectionSource = Yes
LinuxFirewall.BlockNotRecommended = Yes
LinuxFirewall.BlockAdultContent = No
LinuxFirewall.BlockViolence = Yes
LinuxFirewall.BlockWeapons = Yes
LinuxFirewall.BlockGambling = Yes
LinuxFirewall.BlockDrugs = Yes
LinuxFirewall.BlockObsceneLanguage = Yes
LinuxFirewall.BlockChats = No
LinuxFirewall.BlockTerrorism = Yes
LinuxFirewall.BlockFreeEmail = No
LinuxFirewall.BlockSocialNetworks = Yes
LinuxFirewall.BlockDueToCopyrightNotice = Yes
LinuxFirewall.BlockOnlineGames = Yes
LinuxFirewall.BlockAnonymizers = No
LinuxFirewall.BlockCryptocurrencyMiningPools = Yes
LinuxFirewall.BlockKnownVirus = Yes
LinuxFirewall.BlockSuspicious = Yes
LinuxFirewall.BlockAdware = Yes
LinuxFirewall.BlockDialers = Yes
LinuxFirewall.BlockJokes = Yes
LinuxFirewall.BlockRiskware = Yes
LinuxFirewall.BlockHacktools = Yes
LinuxFirewall.ScanTimeout = 30s
LinuxFirewall.HeuristicAnalysis = On
LinuxFirewall.PackerMaxLevel = 8
LinuxFirewall.ArchiveMaxLevel = 8
LinuxFirewall.MailMaxLevel = 8
LinuxFirewall.ContainerMaxLevel = 8
LinuxFirewall.MaxCompressionRatio = 500
LinuxFirewall.RuleSet0 = 
LinuxFirewall.RuleSet1 =  : set UnwrapSSL = true
LinuxFirewall.RuleSet1 = divert output : set HttpTemplatesDir = "output"
LinuxFirewall.RuleSet1 = divert input : set HttpTemplatesDir = "input"
LinuxFirewall.RuleSet1 = divert forward : set HttpTemplatesDir = "output"
LinuxFirewall.RuleSet1 =  : set MailTemplatesDir = "firewall"
LinuxFirewall.RuleSet2 = 
LinuxFirewall.RuleSet3 = 
LinuxFirewall.RuleSet4 = 
LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Blacklist" : BLOCK as BlackList
LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Whitelist" : PASS
LinuxFirewall.RuleSet6 = 
LinuxFirewall.RuleSet7 = protocol in (Http), direction request, url_category in "LinuxFirewall.BlockCategory" : BLOCK as _match
LinuxFirewall.RuleSet8 = 
LinuxFirewall.RuleSet9 = protocol in (Http), divert input, direction request, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match
LinuxFirewall.RuleSet9 = protocol in (Http), direction response, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match
LinuxFirewall.RuleSet9 = protocol in (Smtp), threat_category in "LinuxFirewall.BlockThreat" : REJECT
LinuxFirewall.RuleSet9 = protocol in (Smtp), url_category in "LinuxFirewall.BlockCategory" : REJECT
LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), threat_category in "LinuxFirewall.BlockThreat" : REPACK as _match
LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), url_category in "LinuxFirewall.BlockCategory" : REPACK as _match
LinuxFirewall.RuleSet10 = 
LinuxFirewall.InterceptHook = local dwl = require 'drweb.lookup'
function intercept_hook(ctx)
    -- do not check if group == Root.TrustedGroup
    if ctx.divert == "output" and ctx.group == "drweb"
    then
        return "pass"
    end
    -- do not check connections from privileged ports
    if ctx.src.port >= 0 and ctx.src.port <= 1024
    then
        return "pass"
    end
    return "check"
end
 
LinuxFirewall.XtablesLockPath = 
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ drweb-ctl -v
drweb-ctl 11.1.0.1902221854
thomaspeteroberlechner@thomaspeteroberlechner-MS-7B79 ~ $ 
 
**************************
Done, but same result ... ?
**************************

 

 



#13 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 05 March 2019 - 14:07

On your screenshot I see green lock. Compare with my screenshot - there's yellow lock (because browser uses our certificate).

Maybe, you did not add our certificate to browser.

For adding it, use settings "Network" in drweb-gui (read "Details" there)

After that, restart your Firefox.

Attached files:

  • Attached file  2.png   63,71K   0 downloads
  • Attached file  3.png   69,06K   0 downloads

Edited by Igorn: 05 March 2019 - 14:22


#14 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 15:37

Dear Igor,

unfortunately i did - very strange - so please have a look, cert storage for Firefox and Chromium ...

Attached files:



#15 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 15:47

Just to add: tested the antivirus functionality with EICAR - works fine, immediate detection after download -  :D

 

http://2016.eicar.org/86-0-Intended-use.html

 



#16 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 05 March 2019 - 15:56

immediate detection after download

- If detection works AFTER download - so SpIDer Guard detects it.

http://2016.eicar.org/86-0-Intended-use.html

- here is a link to http



#17 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 05 March 2019 - 19:24

That's what i've said ... in the meantime i got the error message 102 - i restarted the webgate as mentioned - immediately i got a certificate warning in Mozilla Thunderbird and all the complete internet access was blocked - so i restarted the machine again and now it seems to work again except that blocking feature.



#18 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 06 March 2019 - 14:47

Try to do the following:

1. close all Firefox windows

2. temporarily switch off SpIDer Guard

3. switch on SpIDer Gate and option "check ssl/tls"

4. run in console:
$ wget https://secure.eicar.org/eicar.com--no-check-certificate

SpIDer Gate works if you see:

--2019-03-06 10:28:45--  https://secure.eicar.org/eicar.com
Resolving secure.eicar.org... 213.211.198.58
Connecting to secure.eicar.org|213.211.198.58|:443... connected.
WARNING: cannot verify secure.eicar.org's certificate, issued by ‘CN=SpIDer Gate Untrusted Root Certificate,OU=SpIDer Gate,O=DrWeb,L=Moscow,C=RU’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 403 Blocked by SpIDer Gate
2019-03-06 10:28:45 ERROR 403: Blocked by SpIDer Gate.
 

- show your output

 

5. start Firefox, then open New Private Window

In this window try to open https://www.facebook.com

Show the screenshot of this window

6. if the site opens, additionally, show a screenshot with information about the certificate used on this site (click on lock -> show certificate)


Edited by Igorn: 06 March 2019 - 14:49


#19 Igorn

    Member

  • Dr.Web Staff
  • 403 posts

Posted 06 March 2019 - 18:34

$ wget https://secure.eicar.org/eicar.com--no-check-certificate

Sorry, use

$ wget https://secure.eicar.org/eicar.com --no-check-certificate


Edited by Igorn: 06 March 2019 - 18:34
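
Added example, not from the thread: a classifier for the wget transcript of step 4 that separates "certificate issued by SpIDer Gate" from "request blocked by SpIDer Gate", the two things the expected output shows together. INTERCEPTED is the expected output quoted in the staff post; DIRECT is a constructed contrast case, and the verdict labels are this example's own.

```python
import re

# Expected output quoted in the staff post (SpIDer Gate working).
INTERCEPTED = """\
--2019-03-06 10:28:45--  https://secure.eicar.org/eicar.com
Resolving secure.eicar.org... 213.211.198.58
Connecting to secure.eicar.org|213.211.198.58|:443... connected.
WARNING: cannot verify secure.eicar.org's certificate, issued by ‘CN=SpIDer Gate Untrusted Root Certificate,OU=SpIDer Gate,O=DrWeb,L=Moscow,C=RU’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 403 Blocked by SpIDer Gate
2019-03-06 10:28:45 ERROR 403: Blocked by SpIDer Gate.
"""

# Constructed contrast case: no certificate warning, file served.
DIRECT = """\
Connecting to secure.eicar.org|213.211.198.58|:443... connected.
HTTP request sent, awaiting response... 200 OK
"""

# wget quotes the issuer DN; the quote characters depend on the locale.
ISSUER = re.compile(r"issued by [‘'`](.+?)[’']:\s*$", re.M)
STATUS = re.compile(r"awaiting response\.\.\. (\d{3}) ?(.*)$", re.M)


def parse_dn(dn):
    """Split 'CN=..,OU=..' into a dict (the values seen here contain no commas)."""
    return dict(part.split("=", 1) for part in dn.split(",") if "=" in part)


def classify(transcript):
    """Return issuer CN, HTTP status and a verdict for one wget transcript."""
    issuer = ISSUER.search(transcript)
    status = STATUS.search(transcript)
    dn = parse_dn(issuer.group(1)) if issuer else {}
    code = int(status.group(1)) if status else None
    reason = status.group(2).strip() if status else ""
    by_gate = "SpIDer Gate" in dn.get("CN", "")
    blocked = code == 403 and "SpIDer Gate" in reason
    if by_gate and blocked:
        verdict = "intercepted and blocked"
    elif by_gate:
        verdict = "intercepted, not blocked"
    elif blocked:
        verdict = "blocked, issuer not shown"
    else:
        verdict = "no sign of interception"
    return {"issuer_cn": dn.get("CN"), "status": code, "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("expected", INTERCEPTED), ("contrast", DIRECT)):
        print(name, classify(text))
```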


#20 ThomasPeter

    Newbie

  • Posters
  • 12 posts

Posted 06 March 2019 - 21:56

Dear Igor - the Virus detection is fine - i didn't see the same result in the console but i got the warning / detection message from DrWeb - it's also documented in the "Virus-Quarantäne" - it did the same regarding the web filter - still the same - it is not working, please see the result

Attached files:



