Reset HAVP blocked list & allow certain files through



  • Hi,

    HAVP is causing some problems here and I've searched the web without success.  Seems that there is only a handful of HAVP users out there…

    Basically, HAVP does its job too well!  I have a machine that is running BOINC.  Recently, I registered to a research project (similar to seti@home) and HAVP has kept blocking the files BOINC is trying to download, resulting in failure of the tasks.

    The HAVP page on my pfSense box says:

    10/10/2011 07:37:54	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 07:37:53	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 07:28:38	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 07:28:38	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 03:56:28	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 03:56:27	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 03:11:50	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 03:11:49	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 01:39:31	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 01:39:30	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 01:23:08	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 01:23:08	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 01:06:17	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 01:06:17	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 00:43:44	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    10/10/2011 00:43:41	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 00:30:27	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 00:29:47	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemdlong_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    10/10/2011 00:00:00	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 23:43:37	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    09/10/2011 23:31:30	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 23:16:45	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 23:16:45	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    09/10/2011 22:49:03	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    09/10/2011 22:49:02	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 22:41:59	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    09/10/2011 22:41:58	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 22:35:55	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    09/10/2011 22:35:54	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31	Heuristics.Broken.Executable
    09/10/2011 22:00:47	127.0.0.1	http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10	Heuristics.Broken.Executable
    

    As you can see, BOINC has tried to re-download the same files more than once and will keep trying.

    Now to the questions:

    I really doubt these files are viruses since they come from an open distributed computing project and must be scanned or somehow declared virus free.  Plus I am the only one having this problem, with several hundred thousand members…  I will still contact the admins to make sure these files are not viruses but in the meantime, how can I bypass HAVP (either temporarily or permanently)?  I tried stopping HAVP and re-trying with BOINC, but somehow the files are still blocked, even if HAVP does not run.  Probably Squid Cache.  HAVP is parent of Squid here.

    Second question:  How can I purge/empty/clear the detected virus list of HAVP?  There is no "clear" button.

    I appreciate guidance.

    Thanks to all!
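An added example, not part of the original post: a small parser for the log layout shown above that groups blocks by URL and signature and lists URLs blocked repeatedly on a heuristic verdict alone, which is the retry loop described in the post. The DD/MM/YYYY date order, the `example.test` URL and the `Eicar-Test-Signature` rows are assumptions or constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime

HEUR = "Heuristics.Broken.Executable"
URL_A = "http://www.ps3grid.net/PS3GRID/download/libcufft.so.3.1.10"
URL_B = "http://www.ps3grid.net/PS3GRID/download/acemd2_6.14_x86_64-pc-linux-gnu__cuda31"
URL_C = "http://files.example.test/setup.exe"  # constructed, not from the thread
# Constructed sample in the layout of the posted log (tab-separated fields).
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("10/10/2011 01:06:17", "127.0.0.1", URL_A, HEUR),
    ("10/10/2011 00:43:44", "127.0.0.1", URL_A, HEUR),
    ("10/10/2011 00:00:00", "127.0.0.1", URL_B, HEUR),
    ("09/10/2011 23:43:37", "127.0.0.1", URL_A, HEUR),
    ("09/10/2011 22:10:02", "127.0.0.1", URL_C, "Eicar-Test-Signature"),
    ("09/10/2011 22:09:58", "127.0.0.1", URL_C, "Eicar-Test-Signature"),
    ("-- truncated line --",),
])
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse(log_text):
    """Yield (timestamp, client, url, signature); lines that do not match are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # Assumption: dates are DD/MM/YYYY (09/10 rolls over to 10/10 at midnight).
            yield (datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S"),) + m.groups()[1:]

def summarize(log_text):
    """Map (url, signature) -> hit count, first/last block time, heuristic flag."""
    seen = defaultdict(list)
    for ts, _client, url, sig in parse(log_text):
        seen[(url, sig)].append(ts)
    return {key: {"hits": len(ts), "first": min(ts), "last": max(ts),
                  "heuristic": key[1].startswith("Heuristics.")}
            for key, ts in seen.items()}

def review_candidates(log_text, min_hits=2):
    """URLs blocked repeatedly on a heuristic verdict alone: a client retry loop on a
    possible false positive, to verify out of band before exempting anything."""
    summary = summarize(log_text)
    signature_hits = {url for (url, _sig), s in summary.items() if not s["heuristic"]}
    return sorted({url for (url, _sig), s in summary.items()
                   if s["heuristic"] and s["hits"] >= min_hits
                   and url not in signature_hits})

if __name__ == "__main__":
    for (url, sig), s in sorted(summarize(SAMPLE_LOG).items()):
        print(s["hits"], s["first"], s["last"], sig, url)
    print("review:", review_candidates(SAMPLE_LOG))
```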



  • Try unchecking the "Block file if error scanning" option in HAVP.

    Open /usr/local/pkg/havp.inc

    Find string

        $conf[] = "DetectBrokenExecutables   yes";
    

    And replace it with

        $conf[] = "DetectBrokenExecutables   no";
    

    Then open the HAVP web GUI 'Settings' and 'HTTP Proxy' tabs and click the Save buttons.



  • Unfortunately HAVP is still blocking the files.

    I changed

    $conf[] = "DetectBrokenExecutables   yes";

    to

    $conf[] = "DetectBrokenExecutables   no";

    saved the file, and clicked Apply in the Settings tab of HAVP

    Do I need to purge some kind of database or cache?

    I also tried manually to download the files and I get a blocked page from HAVP:

    HAVP - Access Denied
    
    Access to the page has been denied
    
    because the following virus was detected
    
    Clamd: Heuristics.Broken.Executable
    
    


  • @lpallard:

    Unfortunately HAVP is still blocking the files.

    I changed

    $conf[] = "DetectBrokenExecutables   yes";

    to

    $conf[] = "DetectBrokenExecutables   no";

    saved the file, and clicked Apply in the Settings tab of HAVP

    Do I need to purge some kind of database or cache?

    I think not.  This is not a DB function.

    "
    With this option clamav will try to detect broken executables (both PE and
    ELF) and mark them as Broken.Executable.
    Default: no
    #DetectBrokenExecutables yes
    "



  • Are you suggesting that I comment out the line

    $conf[] = "DetectBrokenExecutables   no";
    

    ??



  • http://kb.open-e.com/ClamAV-detected-HeuristicsBrokenExecutable_1123.html

    Symptom:
    Event viewer keeps notifying that ClamAV detected "Heuristics.Broken.Executable"

    Problem:

    The "Heuristics.Broken.Executable" error is shown when the ClamAV is not able to analyse a file.

    Solution:

    In order to disable the warnings about "Heuristics.Broken.Executable", apply the attached small update (upd_0830-DSS-V6.upd).
    To apply a small update go to DSS webgui -> Maintenance -> software update and locate the file using "System software update" frame.
    After applying the small update you need to reboot the DSS.
    Additional information:
    Small update upd_0830-DSS-V6.upd modifies the clamd.conf and changes DetectBrokenExecutables parameter to "no".

    What if you reboot pfSense?



  • Rebooting did the trick! :)

    Is it a big security threat if I keep the Heuristics.Broken.Executable parameter set to NO?

    In other words, am I exposing myself to substantial threats?



  • I think not. This is an additional AV option for testing corrupted executables.



  • Thanks a lot for your help my friend!
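An added example, not from the thread or the HAVP package: a check that compares the `$conf[]` line edited in havp.inc with the value a generated clamd.conf actually carries, treating a missing or `#`-commented option as the quoted default of `no`. It assumes the package writes clamd.conf from those `$conf[]` lines when settings are saved; the sample file contents and the status names are constructed.

```python
import re

OPTION = "DetectBrokenExecutables"
CLAMD_DEFAULT = "no"  # "Default: no" in the clamd.conf comment quoted in the thread

# Constructed samples: the edited template line from the thread, and two
# hypothetical generated clamd.conf files (before and after regeneration).
SAMPLE_INC = ('//$conf[] = "DetectBrokenExecutables   yes";\n'
              '    $conf[] = "DetectBrokenExecutables   no";\n')
SAMPLE_CONF_OLD = "LogSyslog yes\nDetectBrokenExecutables yes\n"
SAMPLE_CONF_NEW = "LogSyslog yes\n#DetectBrokenExecutables yes\n"

def template_value(havp_inc_text, option=OPTION):
    """Value the template line will write; PHP lines commented with // are skipped."""
    pat = re.compile(r'^[ \t]*\$conf\[\]\s*=\s*"%s\s+(\w+)"\s*;' % re.escape(option),
                     re.M)
    m = pat.search(havp_inc_text)
    return m.group(1).lower() if m else None

def effective_value(clamd_conf_text, option=OPTION, default=CLAMD_DEFAULT):
    """Value read from clamd.conf; an absent or '#'-commented option means the default."""
    for line in clamd_conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == option:
            return parts[1].strip().lower()
    return default

def check(havp_inc_text, clamd_conf_text):
    """Return (status, template value, clamd.conf value).
    'stale' means the edit has not reached clamd.conf yet. 'in-sync' only covers the
    files: a clamd process started earlier keeps its old setting until it restarts."""
    want = template_value(havp_inc_text)
    have = effective_value(clamd_conf_text)
    if want is None:
        return ("no-template-line", None, have)
    return ("in-sync" if want == have else "stale", want, have)

if __name__ == "__main__":
    print(check(SAMPLE_INC, SAMPLE_CONF_OLD))
    print(check(SAMPLE_INC, SAMPLE_CONF_NEW))
```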

