#36 Infected file false positive?!

v2.8
pending
None
5
2012-10-10
2008-02-19
No

Hi, I use DG 2.9.9.2 on a FreeBSD 6.2 system

DansGuardian 2.9.9.2

Built with: '--enable-clamd=yes' '--enable-pcre=yes' '--enable-fancydm=yes' '--enable-kavd' '--enable-email=yes'

Sometimes, I get an e-mail with content:

Data/Time:2008.2.19 17:36:51
User: corpbank\katia
From: 192.168.20.245 (g6.corpbank.intranet)
Where: http://images23.snimka.bg/005169783.jpg
Why:
Method: GET
Size: 36341
Weight: 0
Category: Content scanning
Mime type:image/jpeg
Group: ktb internet users
HTTP resp:403

Log file at the same time reads:
2008.2.19 17:36:51 corpbank\katia 192.168.20.245 http://ad01.investor.bg/adjs.php?n=295766752&what=zone:215&exclude=,&referer=http%3A//www.snimka.bg/album.php%3Falbum_id%3D210134%26photo%3D19 INFECTED DENIED GET 1503 0 Content scanning 1 403 - g6.corpbank.intranet ktb internet users -

There is no description of why this file is recognized as INFECTED.

Discussion

  • Philip Allison - 2009-06-25

    The "kavdscan" content scanner is not very well tested, and may have insufficient error reporting. Could you check the output of syslog, and possibly a debug build of DG (pass "--with-dgdebug" to configure)? Also try upgrading to 2.10 and see if that helps, as the 2.9 series was an unstable/development series and is not supported.

     
  • Aecio F. Neto - 2012-10-10
    • status: open --> pending
    • milestone: --> v2.8
     
  • Aecio F. Neto - 2012-10-10

    Any feedback about this is appreciated now.

     