Netgate Discussion Forum

    Reset HAVP blocked list & allow certain files through

      pftdm007

      Hi,

      HAVP is causing some problems here and I've searched the web without success.  Seems that there is only a handful of HAVP users out there…

      Basically, HAVP does its job too well!  I have a machine that is running BOINC.  Recently, I registered to a research project (similar to seti@home) and HAVP has kept blocking the files BOINC is trying to download, resulting in failure of the tasks.

      The HAVP page on my pfSense box says:

      10/10/2011 07:37:54	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 07:37:53	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 07:28:38	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 07:28:38	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 03:56:28	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 03:56:27	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 03:11:50	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 03:11:49	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 01:39:31	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 01:39:30	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 01:23:08	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 01:23:08	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 01:06:17	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 01:06:17	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 00:43:44	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      10/10/2011 00:43:41	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 00:30:27	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 00:29:47	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      10/10/2011 00:00:00	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 23:43:37	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      09/10/2011 23:31:30	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 23:16:45	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 23:16:45	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      09/10/2011 22:49:03	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      09/10/2011 22:49:02	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 22:41:59	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      09/10/2011 22:41:58	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 22:35:55	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      09/10/2011 22:35:54	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
      09/10/2011 22:00:47	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
      

      As you can see BOINC has tried to re-download the same files more than once and will keep trying..

      Now to the questions:

      I really doubt these files are viruses since they come from an open distributed computing project and must be scanned or somehow declared virus free.  Plus I am the only one having this problem, with several hundred thousand members…  I will still contact the admins to make sure these files are not viruses but in the meantime, how can I bypass HAVP (either temporarily or permanently)?  I tried stopping HAVP and re-trying with BOINC, but somehow the files are still blocked, even if HAVP does not run.  Probably Squid Cache.  HAVP is parent of Squid here.

      Second question:  How can I purge/empty/clear the detected virus list of HAVP?  There is no "clear" button.

      I appreciate guidance.

      Thanks to all!

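A triage helper for the blocked-file log pasted above, added here as an example (it is not part of the original post or of HAVP): it groups entries by URL and detection name, counts retries, and separates ClamAV `Heuristics.*` verdicts from signature matches before any check is relaxed. It assumes tab-separated fields and day/month/year timestamps as in the paste; the `files.example.test` row, the malformed row and all function names are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first five rows reuse entries from the log above,
# the last two rows are invented to exercise the signature and malformed paths.
BASE = "http://www.ps3grid.net/PS3GRID/download/"
HEUR = "Heuristics.Broken.Executable"
SAMPLE_LOG = "\n".join([
    "10/10/2011 07:37:54\t127.0.0.1\t" + BASE + "libcufft.so.3.1.10\t" + HEUR,
    "10/10/2011 07:37:53\t127.0.0.1\t" + BASE + "acemdlong_6.14_x86_64-pc-linux-gnu__cuda31\t" + HEUR,
    "10/10/2011 07:28:38\t127.0.0.1\t" + BASE + "acemdlong_6.14_x86_64-pc-linux-gnu__cuda31\t" + HEUR,
    "10/10/2011 07:28:38\t127.0.0.1\t" + BASE + "libcufft.so.3.1.10\t" + HEUR,
    "10/10/2011 03:56:28\t127.0.0.1\t" + BASE + "acemdlong_6.14_x86_64-pc-linux-gnu__cuda31\t" + HEUR,
    "10/10/2011 08:00:00\t192.0.2.10\thttp://files.example.test/eicar.com\tEicar-Test-Signature",
    "truncated line without the expected fields",
])

def parse_havp_log(text):
    """Yield (datetime, client, url, detection); skip rows that do not parse."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != 4:
            continue  # blank or malformed row: do not guess at field positions
        try:
            when = datetime.strptime(fields[0], "%d/%m/%Y %H:%M:%S")
        except ValueError:
            continue
        yield when, fields[1], fields[2], fields[3]

def triage(text):
    """Group blocks by (url, detection), most frequently blocked first."""
    groups = defaultdict(list)
    for when, _client, url, detection in parse_havp_log(text):
        groups[(url, detection)].append(when)
    report = [
        {"url": url, "detection": det, "blocks": len(times),
         "first": min(times), "last": max(times),
         "kind": "heuristic" if det.startswith("Heuristics.") else "signature"}
        for (url, det), times in groups.items()
    ]
    return sorted(report, key=lambda e: e["blocks"], reverse=True)

def signature_hits(report):
    """Entries matched by a named signature; these are not heuristic-only blocks."""
    return [e for e in report if e["kind"] == "signature"]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["blocks"], e["kind"], e["detection"], e["url"], e["first"], e["last"])
```

Entries returned by `signature_hits` matched a named signature and would still be blocked with `DetectBrokenExecutables` set to `no`; only the `Heuristics.Broken.Executable` rows depend on that option.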
        dvserg

        Try unchecking the "Block file if error scanning" option in HAVP.

        Open /usr/local/pkg/havp.inc

        Find string

            $conf[] = "DetectBrokenExecutables   yes";
        

        And replace it with

            $conf[] = "DetectBrokenExecutables   no";
        

        Then open the HAVP web GUI 'Settings' and 'HTTP Proxy' tabs and click the Save buttons.

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

          pftdm007

          Unfortunately HAVP is still blocking the files.

          I changed

              $conf[] = "DetectBrokenExecutables   yes";

          to

              $conf[] = "DetectBrokenExecutables   no";

          saved the file, and clicked Apply in the Settings tab of HAVP.

          Do I need to purge some kind of database or cache?

          I also tried manually to download the files and I get a blocked page from HAVP:

          HAVP - Access Denied
          
          Access to the page has been denied
          
          because the following virus was detected
          
          Clamd: Heuristics.Broken.Executable
          
          
            dvserg

            @lpallard:

            Unfortunately HAVP is still blocking the files.

            I changed

            $conf[] = "DetectBrokenExecutables   yes";

            to

            $conf[] = "DetectBrokenExecutables   no";

            saved the file, and clicked Apply in the Settings tab of HAVP

            Do I need to purge some kind of database or cache?

            I think not. This is not a DB function.

            "
            With this option clamav will try to detect broken executables (both PE and
            ELF) and mark them as Broken.Executable.
            Default: no
            #DetectBrokenExecutables yes
            "

              pftdm007

              Are you suggesting that I comment out the line

              $conf[] = "DetectBrokenExecutables   no";
              

              ??

                dvserg

                http://kb.open-e.com/ClamAV-detected-HeuristicsBrokenExecutable_1123.html

                Symptom:
                Event viewer keeps notifying that ClamAV detected "Heuristics.Broken.Executable"

                Problem:

                The "Heuristics.Broken.Executable" error is shown when the ClamAV is not able to analyse a file.

                Solution:

                In order to disable the warnings about "Heuristics.Broken.Executable", apply the attached small update (upd_0830-DSS-V6.upd).
                To apply a small update go to DSS webgui -> Maintenance -> software update and locate the file using "System software update" frame.
                After applying the small update you need to reboot the DSS.
                Additional information:
                Small update upd_0830-DSS-V6.upd modifies the clamd.conf and changes DetectBrokenExecutables parameter to "no".

                What if you reboot pfSense?

                  pftdm007

                  Rebooting did the trick! :)

                  Is it a big security threat if I keep the Heuristics.Broken.Executable parameter to NO?

                  In other words, am I exposing myself to substantial threats?

                    dvserg

                    I think not. This is an additional AV option for testing corrupted executables.

                      pftdm007

                      Thanks a lot for your help my friend!
