Summary
Some compressed files or third-party products cannot be downloaded through IWSS. The HTTP Log shows Corrupted_Zip_File every time a file is downloaded. This occurs even though Deferred Scanning is selected.
When IWSS encounters a corrupted compressed file, it performs the action indicated in the settings of the intscan.ini file.
Details
To resolve this issue, please do the following:
Option I: Exclude the URL from where the file is downloaded
- Identify the URL by opening the access log under the ..IWSS\Log directory or opening the tb_url_usage and tb_violation tables of the IWSS database with query tools.
- Add the URL in the intscan.ini file.
- Using a text editor, open the file from the ..\IWSS directory.
- Look for the "client_skip_content=Host" parameter.
- Add the URL. Separate multiple URLs with commas.
For example, client_skip_content=Host: www.companyA.com. - Save the settings and close the file.
- Restart the Trend Micro IWSS for HTTP services.
Option II: Exclude the file type from the download
- Identify the file type from the User-Agent entry in the packet header.
- Use a packet sniffer to capture the traffic going through the IWSS server.
- Add the file type in the intscan.ini file.
- Using a text editor, open the file from the ..\IWSS directory.
- Look for the "client_skip_content=User-Agent" parameter.
- Add the file type.
For example, client_skip_content=User-Agent: AgentName, Host: www.companyA.com. - Save the settings and close the file.
- Restart the Trend Micro IWSS for HTTP services.
