Reset HAVP blocked list & allow certain files through
-
Hi,
HAVP is causing some problems here and I've searched the web without success. Seems that there is only a handful of HAVP users out there…
Basically, HAVP does its job too well! I have a machine that is running BOINC. Recently, I registered to a research project (similar to seti@home) and HAVP has kept blocking the files BOINC is trying to download, resulting in failure of the tasks.
The HAVP page on my pfsense box says:
10/10/2011 07:37:54 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 07:37:53 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 07:28:38 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 07:28:38 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 03:56:28 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 03:56:27 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 03:11:50 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 03:11:49 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 01:39:31 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 01:39:30 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 01:23:08 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 01:23:08 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 01:06:17 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 01:06:17 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 00:43:44 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 00:43:41 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 00:30:27 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 00:29:47 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 00:00:00 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 23:43:37 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
09/10/2011 23:31:30 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 23:16:45 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 23:16:45 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
09/10/2011 22:49:03 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
09/10/2011 22:49:02 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 22:41:59 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
09/10/2011 22:41:58 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 22:35:55 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
09/10/2011 22:35:54 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
09/10/2011 22:00:47 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
As you can see, BOINC has tried to re-download the same files more than once and will keep trying.
Now to the questions:
I really doubt these files are viruses since they come from an open distributed computing project and must be scanned or somehow declared virus free. Plus I am the only one having this problem, with several hundred thousand members… I will still contact the admins to make sure these files are not viruses but in the meantime, how can I bypass HAVP (either temporarily or permanently)? I tried stopping HAVP and re-trying with BOINC, but somehow the files are still blocked, even if HAVP does not run. Probably Squid Cache. HAVP is parent of Squid here.
Second question: How can I purge/empty/clear the detected virus list of HAVP? There is no "clear" button.
I appreciate guidance.
Thanks to all!
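Before relaxing a scanner setting it helps to see exactly what the proxy is blocking and why. The following is an added example, not part of the original post: it collapses a HAVP block log in the format shown above into one row per blocked file and lists any detections that are not Heuristics.* verdicts. The function names are made up for this example; the sample lines are taken from the post, plus one constructed non-heuristic entry.

```shell
#!/bin/sh
# Assumed line format (as shown in the post): DATE TIME CLIENT_IP URL SIGNATURE

# Embedded sample: five lines from the post plus one constructed entry (first line).
sample_log() {
    cat <<'EOF'
10/10/2011 08:00:00 127.0.0.1 http://example.invalid/eicar.com Eicar-Test-Signature
10/10/2011 07:37:54 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 07:37:53 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 07:28:38 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
10/10/2011 07:28:38 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10 Heuristics.Broken.Executable
10/10/2011 00:00:00 127.0.0.1 http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31 Heuristics.Broken.Executable
EOF
}

# One tab-separated row per (signature, URL): hits, signature, URL, first seen,
# last seen. Reads the files given as arguments, or stdin when there are none.
summarise_blocks() {
    awk 'NF >= 5 {
        key = $5 "\t" $4
        ts = $1 " " $2
        count[key]++
        # The log is newest-first, so the first line seen is the latest hit.
        if (!(key in last)) last[key] = ts
        first[key] = ts
    }
    END {
        for (k in count)
            printf "%d\t%s\t%s\t%s\n", count[k], k, first[k], last[k]
    }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Signatures that are not heuristic verdicts. Empty output means every block
# came from a Heuristics.* rule rather than a known-malware signature.
non_heuristic_signatures() {
    awk 'NF >= 5 && $5 !~ /^Heuristics\./ { print $5 }' "$@" | LC_ALL=C sort -u
}

# Stand-alone run on the embedded sample.
sample_log | summarise_blocks
echo "Non-heuristic signatures:"
sample_log | non_heuristic_signatures
```

To use it on real data, pass a saved copy of the log as an argument to either function.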
-
Try unchecking the "Block file if error scanning" option in HAVP.
Open /usr/local/pkg/havp.inc
Find string
$conf[] = "DetectBrokenExecutables yes";
And replace it with
$conf[] = "DetectBrokenExecutables no";
Then open the HAVP web GUI 'Settings' & 'HTTP Proxy' tabs and click the Save buttons.
-
Unfortunately HAVP is still blocking the files.
I changed
$conf[] = "DetectBrokenExecutables yes";
to
$conf[] = "DetectBrokenExecutables no";
saved the file, and clicked Apply in the Settings tab of HAVP
Do I need to purge some kind of database or cache?
I also tried manually to download the files and I get a blocked page from HAVP:
HAVP - Access Denied
Access to the page has been denied because the following virus was detected
Clamd: Heuristics.Broken.Executable
-
@lpallard:
Unfortunately HAVP is still blocking the files.
I changed
$conf[] = "DetectBrokenExecutables yes";
to
$conf[] = "DetectBrokenExecutables no";
saved the file, and clicked Apply in the Settings tab of HAVP
Do I need to purge some kind of database or cache?
I think not. This is not a DB function.
"
With this option clamav will try to detect broken executables (both PE and
ELF) and mark them as Broken.Executable.
Default: no
#DetectBrokenExecutables yes
"
-
Are you suggesting that I comment out the line
$conf[] = "DetectBrokenExecutables no";
??
-
http://kb.open-e.com/ClamAV-detected-HeuristicsBrokenExecutable_1123.html
Symptom:
Event viewer keeps notifying that ClamAV detected "Heuristics.Broken.Executable"
Problem:
The "Heuristics.Broken.Executable" error is shown when the ClamAV is not able to analyse a file.
Solution:
In order to disable the warnings about "Heuristics.Broken.Executable", apply the attached small update (upd_0830-DSS-V6.upd).
To apply a small update go to DSS webgui -> Maintenance -> software update and locate the file using "System software update" frame.
After applying the small update you need to reboot the DSS.
Additional information:
Small update upd_0830-DSS-V6.upd modifies the clamd.conf and changes DetectBrokenExecutables parameter to "no".
What if you reboot pfsense?
-
Rebooting did the trick! :)
Is it a big security threat if I keep the Heuristics.Broken.Executable parameter to NO?
In other words, am I exposing myself to substantial threats?
-
I think not. This is an additional AV option for testing corrupted executables.
-
Thanks a lot for your help my friend!