Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: brick on August 31, 2009, 04:26:58 PM

Title: Avast updates with Dansguardian
Post by: brick on August 31, 2009, 04:26:58 PM
Hi all,
I'm running the Avast antivirus on my LAN with about 25 PCs running Windows.
The Gateway is a SME running in Server/Gateway mode with the Dansguardian contrib.
Access by IP is denied, since the users are smart enough to figure the address.
I added the allowed MIME types and the extensions that avast updates uses, but since the updates come from hosts such as:
Code:
1251728311.985    227 192.168.0.160 TCP_DENIED/403 0 GET http://67.228.112.199/iavs4x/prod-av_pro.vpu - DEFAULT_PARENT/127.0.0.1 application/octet-stream
the updates never come through.
Does anyone have a solution for that?
Thanks for any comments on this
Title: Re: Avast updates with Dansguardian
Post by: RedBeard on August 31, 2009, 06:17:02 PM
I simply white list the update site, i.e. add an exemption for the appropriate website. I usually do this for MS's update site, the anti-virus' update site, java, adobe and others as they pop up.

See: http://wiki.contribs.org/Dansguardian/ConfigFiles#exceptionsitelist

exceptionsitelist

This contains a list of domain endings that if found in the requested URL, DansGuardian will not filter the page. Note that you should not put the http:// or the www. at the beginning of the entries.

exceptioniplist

This contains a list of client IPs who you want to bypass the filtering. For example, the network administrator's computer's IP.

exceptionurllist

URLs in here are for parts of sites that filtering should be switched off for.

Good Luck
Title: Re: Avast updates with Dansguardian
Post by: dadoudidon on August 31, 2009, 11:05:02 PM
and don't forget after modifications
Code:
service dansguardian restart

David
Title: Re: Avast updates with Dansguardian
Post by: brick on September 03, 2009, 01:27:15 AM
Thank you for the comments, I understand how to use, the problem is that I would need to provide every IP from avast in the IPexceptionlist, and they change quite often.
I tried bypassing by extension name and MIME type, but the IP block comes first.
Title: Re: Avast updates with Dansguardian
Post by: dadoudidon on September 03, 2009, 09:52:39 AM
Quote from: brick
...
Access by IP is denied, since the users are smart enough to figure the address.
Code:
1251728311.985    227 192.168.0.160 TCP_DENIED/403 0 GET http://67.228.112.199/iavs4x/prod-av_pro.vpu - DEFAULT_PARENT/127.0.0.1 application/octet-stream
the updates never come through.
...

Why don't you use the reverse lookup function?

Quote
Reverse Lookups for Banned Sites and URLs
If set to on, DansGuardian will look up the forward DNS for an IP URL address and search for both in the banned site and URL lists. This would prevent a user from simply entering the IP for a banned address. It will reduce searching speed somewhat so unless you have a local caching DNS server, leave it off and use the Blanket IP Block option in the bannedsitelist file instead.
David
Title: Re: Avast updates with Dansguardian
Post by: RedBeard on September 03, 2009, 03:30:56 PM
Quote from: brick
Thank you for the comments, I understand how to use, the problem is that I would need to provide every IP from avast in the IPexceptionlist, and they change quite often.
I tried bypassing by extension name and MIME type, but the IP block comes first.

You should be able to use the exceptionsitelist entering the url for avast updates ( avast.com/iavs4x ).  I would avoid using reverse lookup as suggested by dadoudidon unless absolutely necessary as it can slow down the filtering considerably.   
Title: Re: Avast updates with Dansguardian
Post by: dadoudidon on September 03, 2009, 03:55:32 PM
Thanks for the info, RedBeard, 'cause I do not use reverse lookup

David
Title: Re: Avast updates with Dansguardian
Post by: brick on September 04, 2009, 07:04:29 AM
Quote from: RedBeard
You should be able to use the exceptionsitelist entering the url for avast updates ( avast.com/iavs4x ).  I would avoid using reverse lookup as suggested by dadoudidon unless absolutely necessary as it can slow down the filtering considerably.

Maybe I oughta look for the reverse option, putting avast.com in my exception list was one of the first things I did.
Like I said, the updates come from different servers, their addresses are IP. Adding the files to the exception list does not help, since Dans is looking at the IP before it looks at the extension/MIME.
Title: Re: Avast updates with Dansguardian
Post by: janet on September 04, 2009, 07:46:00 AM
brick

What about exceptionfilesitelist
It says IPs can be matched too.

# Exception file site list
# Use this list to define sites from which files can be downloaded,
# overriding a blanket download block (blockdownloads = on) or the
# banned MIME type and extension lists (blockdownloads = off).
#
# DOES NOT override content/virus scanning or site/URL bans.

# Don't bother with the www. or
# the http://
#
# These are specifically domains and are not URLs.
# For example 'foo.bar/porn/' is no good, you need
# to just have 'foo.bar'.
#
# You can also match IPs here too.

Title: Re: Avast updates with Dansguardian
Post by: RedBeard on September 04, 2009, 03:25:34 PM
 :shock:  I missed that one.  That looks like that should do the trick.
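
An added example, not posted by anyone in this thread: since the update servers are addressed by IP and change often, the access log itself can show which IP-literal hosts are being denied for the /iavs4x/ update path, so the admin can review them before adding any to an exception list. It assumes the log layout of the line brick posted (Squid's native access-log format); the function names and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the log layout shown in the thread. Only the first
# line comes from the page; the rest are made up for illustration.
sample_log() {
cat <<'EOF'
1251728311.985    227 192.168.0.160 TCP_DENIED/403 0 GET http://67.228.112.199/iavs4x/prod-av_pro.vpu - DEFAULT_PARENT/127.0.0.1 application/octet-stream
1251728312.101    180 192.168.0.161 TCP_DENIED/403 0 GET http://192.0.2.10/iavs4x/servers.def - DEFAULT_PARENT/127.0.0.1 application/octet-stream
1251728313.412    201 192.168.0.162 TCP_DENIED/403 0 GET http://67.228.112.199/iavs4x/prod-av_pro.vpu - DEFAULT_PARENT/127.0.0.1 application/octet-stream
1251728314.007     95 192.168.0.163 TCP_DENIED/403 0 GET http://198.51.100.7/index.html - DEFAULT_PARENT/127.0.0.1 text/html
1251728315.550    310 192.168.0.160 TCP_MISS/200 5120 GET http://download.example.com/iavs4x/setup.exe - DEFAULT_PARENT/127.0.0.1 application/octet-stream
EOF
}

# denied_update_hosts PATH_PREFIX   (hypothetical helper name)
# Reads access-log lines on stdin and prints "count host" for every
# IP-literal host that was denied while being asked for PATH_PREFIX.
denied_update_hosts() {
    awk -v prefix="$1" '
        # Fields: 4 = result code/status, 6 = method, 7 = URL
        $4 ~ /^TCP_DENIED\// && $6 == "GET" {
            url = $7
            sub(/^http:\/\//, "", url)
            slash = index(url, "/")
            if (slash == 0) next
            host = substr(url, 1, slash - 1)
            path = substr(url, slash)
            sub(/:[0-9]+$/, "", host)          # drop an explicit port
            # Keep only requests addressed by dotted-quad IP, not by name
            if (host !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Keep only requests under the update path
            if (index(path, prefix) != 1) next
            seen[host]++
        }
        END { for (h in seen) print seen[h], h }
    ' | sort -k1,1nr -k2,2
}

sample_log | denied_update_hosts /iavs4x/
```

On the gateway, pipe the proxy's real access log into `denied_update_hosts /iavs4x/` instead of the sample; hosts that were denied for other paths, or reached by name, are left out of the result.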