1 2 Previous Next 13 Replies Latest reply on May 2, 2017 9:03 AM by otruniger

    Antimalware-Engine gets blocked by download file

    otruniger

      I run into a problem while testing upgrade from 7.5.2.10 to 7.6.2.5. I have a bunch of developpers who use an appliance on 7.6.2.5 while productive use is still on a 7.5.2.10 HA cluster.

      When a developper downloaded hxxp:// download-cf.jetbrains.com/idea/ideaIU-2016.2.4.exe  the antimalware-engine got blocked and all further requests were blocked because of that. That's something I really can't afford in production.

      I opened a ticket via our support partner but they only tell us that there is someting wrong with that file. I know I can just bypass that download site but I think this is a bug which should be resolved.

       

      This is the line in mwg-core.errors.log when the error ID 14003 happens:

      [2016-10-20 12:39:31.373 +02:00] [AV] [AVError] Error in AntivirusFilter: 'Call to external Anti-Malware engine provided error: Scanning job download-cf.jetbrains.com/idea/ideaIU-2016.2.4.exe" didn't finish in time (current queue length is 0).'.

      This happens after about 2 minutes of the scan process.

       

      As I use a really small model for tests I wonder if this bug only has an impact when ressources are small. Therefore I wonder if someone could download this file in a production environment without the antimalware-engine getting blocked for further requests.

       

      BTW: I could reproduce this on a freshly installed system with the original McAfee ruleset with the first request on it. And also when downloading the same file from my private webserver just using HTTP instead of HTTPS.

       

      Regards, Othmar

        1 2 Previous Next