"Client terminated connection early"

Hi there!,

 

  

So when I send the EICAR file for example, it says that my client disconnects (It doesn't.)

 

But some other files that I send DOES not say that the client disconnects and continues either clearing the file or marking it as a violation.

Which should exclude any syntax related errors.

 

This pattern is consistent as well. The same file works each time, and each file that doesn't work, never work.

 

 

In wire shark I can see that the server returns;

500 Server Error

505 Unsupported Protocol or Version

 

 

Why is it saying that the client is disconnected on certain files? And how do I stop it?

 

Any ideas?

  • Hi Jeff,

    In your savdid.conf please can you check the scanprotocol section to see if SUBDIR is specified? 

    Regards,

    Stephen

  • In reply to StephenMcKay:

    Yes, and I've tried with DIR as well.

  • In reply to Jeff Olsen:

    Come on Sophos.

    Don't make us switch to ESET.

    We're stuck here.

  • In reply to Jeff Olsen:

    Hi Jeff,

    Are you able to share your SAVDID Conf file please?

    Please can you also confirm how you are sending the files for scanning/which ICAP client you are using?

    Regards,

    Stephen

  • In reply to StephenMcKay:

    # No of worker threads to start up
    threadcount: 8
    maxqueuedsessions: 4


    onexception: REQUEST  
    onrequest: SESSION

    log {
    type: FILE
    logdir: C:\ProgramData\Sophos\SAV Dynamic Interface\Logs\
    loglevel: 3
    }

    channel {


    logrequests: YES

    commprotocol {
    type: IP
    address: xxxxxxxx 
    port: 1344
    sendtimeout: 2
    recvtimeout: 2
    }

    service {
    name: avscan
    type: avscan

    scanprotocol {
    type: ICAP
    allowscanfile: SUBDIR (Have tried with removing completely, subdir and dir)
    version: 1.01
    allow204: YES
    tmpfilestub: C:\ProgramData\Sophos\SAV Dynamic Interface\Temp\icap_
    }

    scanner {
    type: SAVI
    inprocess: YES
    savists: enableautostop 1 savigrp: grpsuper 1
    }
    }
    }

     

    My message from the wirecap.

     

     

     

    Here's the wirecap:

     

     

    And as you can see, there's no disconnect of the client, only after I receive the Server Error from the server. [Last entry]

  • In reply to Jeff Olsen:

    It only seems to affect normal files. (.exe, .com, etc)

    Does not affect .zip or .rar files. They work fine.