HAVP Access Denied Clamd: Heuristics.Broken.Executable

[Guest]

[johnny5]

I am getting this message when trying to download valid executables:

HAVP - Access Denied

Accesss to the page has been denied

because the following virus was detected
Clamd: Heuristics.Broken.Executable

I am a very new user. Please send simple detailed instructions to disable this so that it doesnt block legitimate downloads.
I have tried adding the domain and also the exact URL to the "do not scan" portion of the HTTP proxy: Antivirus
page.
For example this is blocked:
http: / / evernote.s3.amazonaws.com/win4/public/Evernote_4.5.4.6497.exe

I am simply trying to allow my users to download "evernote"

Thanks,
J5

[johnny5]

Does anyone have any idea how to remedy this?

[johnny5]

Is this a bug? Is there a way to set it to ignore "broken executables"?

[sourcefinder]

Hi Johnny,

I experienced the same problem and solved it:

- make a new content filter profile. Allow the website form where you need to download your exe-file (in my case: teamviewer.com)
- in Proxy - HTTP - Antivirus mention the same website again
- in proxy - http - management/general (I have the dutch version installed) set the proxy to not-transparent
- very important: save en reboot the Endian!

I'm not sure wether all these steps are nessecary or not, but the combination works!

[johnny5]

Thanks, I will try all but the "not transparent" and see if it works. I do not want to use it in "not transparent" if possible. Do you know if it works if transparent is on, and if not, I wonder why not?

[vantek]

I was able to fix this problem in 2.5.1 CE by completely eliminating CLAMAV from scanning for broken executables. I'm not sure if the problem is with CLAV or some other function of Endian, but it eliminating this check solved all of my problems with the HTTP proxy service.

The simple way to accomplish this is:

1. Set up Endian to allow SSH connections from the main dashboard. Just choose SSH ACCESS and then click ENABLE SSH ACCESS.
2. Use an SSH client (like Putty) to log into the firewall using it's local IP address. Use "root" for the login and the password you initially assigned the box to login. You should get a shell prompt after this.
3. Run the command "nano /etc/clamav/clamd.conf.tmpl"
4. Scroll down to the line that says "DetectBrokenExecutables yes"
5. Change the line to "DetectBrokenExecutables no"
6. Press CNTL+O then CNTL+X. You should be taken back to the command line. You can type "logout" to quit the SSH client.
7. Unless you need it, go back to the web interface and turn the SSH server back off.
8. Reboot - Even after updating, rebooting, etc. Endian will no longer check for broken executables.

This solved all of my HTTP downloading problems, as well as problems with Windows computers on the network downloading Windows updates. I think that the broken executables test gives a LOT of false positives. I doubt that it makes much of a difference when it comes to detecting any type of virus with CLAMAV, so there should be little to no downside to eliminating the test. Hope it works for you.

WVH

[roberto_barao]

Thanks, I followed your explanation and everything went right.
[/quote]

[gmurz]

Thanks,   this solved my Probelms with downloading adobe reader and flash updates....