This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Files uploaded from Web not being scanned

We have a website on Windows Server 2008 R2 using IIS 7 where our customers can upload files. We have just recently been Pen Tested and our testing company was able to upload and place a test virus signature text file on a folder on our server. We have real-time scanning switched on and for test purposes I have configured this for ALL FILES, however the file is not being detected when it is placed in the folder from the Web or from the LAN. Running a manual full scan does detect the file and says the file has been quarantined, however the infected file remains in the folder it was placed in and is fully accessible.

I would really welcome any suggestions from the forum on how to set this up correctly. The server is managed through the Sophos management console.

This thread was automatically locked due to age.

Parents

0 Gautham Melanta over 4 years ago

Were you able to figure this out. we are having a very similar issue with a windows Server 2012 R2.

I cannot find the test utility that was mentioned in the reponses, guessing it has been deprecated.

Any help would be appreciated.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 4 years ago in reply to Gautham Melanta

Hello Gautham Melanta,

as said it should be in the SEC install directory, default C:\sec_551\tools\.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Gautham Melanta over 4 years ago in reply to QC

Hi Christian,

Is the SEC a separate install? I do not have an SEC folder anywhere..

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 4 years ago in reply to Gautham Melanta

Hello Gautham Melanta,

I was (perhaps incorrectly) assuming you are using the on-premise, SEC (Sophos Enterprise Console)-managed SESC.
Basically savtst32.exe is a simply but convenient tool to write the EICAR testfile to an arbitrary location with an arbitrary name.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Gautham Melanta over 4 years ago in reply to QC

Hi Christian,

No we do not have the on-premise SEC. WE have endpoint protection with cloud based management control.

Is there another tool we can use?

Thanks,

Gautham.
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 4 years ago in reply to Gautham Melanta

Hello Gautham,

not that I know of.
Can't say why savtst32.exe isn't available except with SEC, maybe Support would provide it. It's still mentioned in one article although its alleged "main" article just refers to EICAR.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 4 years ago in reply to Gautham Melanta

Hello Gautham,

not that I know of.
Can't say why savtst32.exe isn't available except with SEC, maybe Support would provide it. It's still mentioned in one article although its alleged "main" article just refers to EICAR.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data