Anti-virus Update Issues (Full Version)

All Forums >> [Web & Mail Security] >> GFI WebMonitor



Message

Carl72x -> Anti-virus Update Issues (15.Jun.2009 1:44:28 PM)

Environment:
Windows Server 2003 SP2
Windows ISA Server 2004 SP3
GFI WebMonitor 2009 (build 20090515) licensed

Problem:
Every time we try to update the A/V definitions for both BitDefender and Norman we get an error message on their respective pages in WebMon.  An example of the error is "Anti-virus last updated on:  Last update check failed.Status: 200 ContentType: text/html; charset=ISO-8859-1 Next try: 06-15 14:46"

After google-ing the only suggestion I've seen is to disable the compression filter in ISA, but this didn't work.  Any insight would be great. 



DrewE -> RE: Anti-virus Update Issues (15.Jun.2009 4:03:45 PM)

Is there anything "upstream" from the Microsoft ISA server, perhaps another proxy, firewall, security appliance, corporate office Internet connection, etc.

Also, if you enter http://www.thisdomainclearlydoesnotexist.net/ are you taken to an "Internet Explorer cannot display the webpage" error, or are you redirected to something else like your Internet Providers "search page"?



Carl72x -> RE: Anti-virus Update Issues (16.Jun.2009 10:59:13 AM)

We have a Cisco PIX 515E between the Internet and ISA.  Also when trying bogus URLs we are directed to the "IE cannot display this page" page



DrewE -> RE: Anti-virus Update Issues (16.Jun.2009 11:03:46 AM)

Can you tell us if the Cisco PIX logs show it is blocking any traffic out from out application?



Carl72x -> RE: Anti-virus Update Issues (16.Jun.2009 11:54:00 AM)

I'm still working on getting access to the PIX, but I have found in ISA that when I try update the AV definitions we get multiple entries that look like:

Initiated Connection SERVER1 6/15/2009 12:50:50 PM
Log type: Firewall service
Status: The operation completed successfully.
Rule: -
Source: Local Host (SERVER1.contoso.net 127.0.0.1:35302)
Destination: Local Host (SERVER1.contoso.net 127.0.0.1:1007)
Protocol: Unidentified IP Traffic (TCP:1007)
User: -
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 127.0.0.1
Client agent: -

and:
Closed Connection SERVER1 6/15/2009 12:50:39 PM
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: -
Source: Local Host (SERVER1.contoso.net 127.0.0.1:35250)
Destination: Local Host (SERVER1.contoso.net 127.0.0.1:1007)
Protocol: Unidentified IP Traffic (TCP:1007)
User: -
Additional information
Number of bytes sent: 5480 Number of bytes received: 480608
Processing time: 0ms Original Client IP: 127.0.0.1
Client agent: -

If that is of any help...



davidf -> RE: Anti-virus Update Issues (18.Jun.2009 3:40:42 AM)

Hi, Please check with GFI if your license key is valid.



Carl72x -> RE: Anti-virus Update Issues (18.Jun.2009 3:18:40 PM)

it is a valid license, i just upgraded it from WebMonitor 2004 on the customer login site. It doesn't matter anyway, I reinstalled and so far so good. Thanks for the help.



davidf -> RE: Anti-virus Update Issues (19.Jun.2009 9:58:39 AM)

Most probably your WM2009 was still using your WM4 license key in such case our redirection server will return http 200 instead of 302  redirect to update server.



Page: [1]