Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Non-malware files are unexpectedly blocked in InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 2

    • Updated:
    • 28 Nov 2018
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 2 occasionally blocks compressed files although they are not malware files.

Those that are blocked are shown as "Failed_Extract_File" in the scan results.

This article explains when a "Failed_Extract_File" scan result occurs and gives you the workaround steps to skip the block.

Details
Public

IWSVA returns the read error (return code:-96/-94) when scanning under the following circumstances:

In such cases, the IWSVA's scan result for the files is "Failed_Extract_File" and they are blocked by default because they might be malicious.

If you want IWSVA not to block them, do the following:

  1. Log on to IWSVA as root via SSH (for example with a SSH shell such as PuTTy).
  2. Create a backup copy of /etc/iscan/IWSSPIScanVsapi.dsc:

    # cp /etc/iscan/IWSSPIScanVsapi.dsc /etc/iscan/IWSSPIScanVsapi.dsc.bak

  3. Use vi to edit the file /etc/iscan/IWSSPIScanVsapi.dsc:

    # vi /etc/iscan/IWSSPIScanVsapi.dsc

  4. Add the following line in the [Scan-configuration] section.

    skip_read_error=yes

  5. Save the file and quit.
  6. Run the following commands to restart the FTP/HTTP scan services:

    # /etc/iscan/S99ISftp stop
    # /etc/iscan/S99ISftp start

    # /etc/iscan/S99ISproxy stop
    # /etc/iscan/S99ISproxy start

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1121586
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.