
Short answer? Call your network administrator and report the incident. He did not pick up the phone? Send him an email, and cc his manager if you deem it necessary... Haha, I’m kidding. 😀

If you had the same problem as I did, you could advise your Network Administrator, or whoever maintains the InterScan Web Security Suite (IWSS), to make small changes to the IWSS configuration. You could advise them to follow either of the following steps, depending on your circumstances:

  1. Problem: You have set the action for the corrupted_zip parameter to “pass” in the [Scan-configuration] section in the intscan.ini file. However, IWSS continues to log the corrupted_zip_file events in the log file and send them to Control Manager (TMCM).

    To resolve this issue, please do the following:

    • Look for and open the intscan.ini file using a text editor.
    • Look for the “[http]” section and add the following parameter under it: “skipSpecificVirus=Corrupted_Zip_file”
    • Restart the IWSS daemon.
  2. Problem: When IWSS is used as the HTTP proxy, access to websites is blocked and the Corrupted_Zip_File error appears even if compressed files are not being downloaded.

    Solution: Some web servers compress the requested content (HTML, images, etc.) using the GZIP algorithm to decrease the amount of traffic. If such content is sent in multiple chunks and VSAPI only has one chunk, it will exit with an error indicating that the archive is corrupted (CORRUPTED_ZIP_ERROR). Web browsers can handle this because they rebuild the content in their own cache space.
    To avoid such situations, IWSS 3.0 and 3.1 include a new feature that modifies the Accept-Encoding header of the HTTP request to exclude GZIP from the supported encodings. This feature is controlled in the intscan.ini file by the disallow_gzip_encoding parameter in the [http] section and is enabled by default (yes).

    • Please make sure that the parameter “disallow_gzip_encoding” is set to “yes”.
      If you change the value, you will have to restart the http daemon for the change to take effect. Use the following commands:
      /opt/trend/iwss/bin/S99ISproxy stop
      /opt/trend/iwss/bin/S99ISproxy start
    • If you are using an ICAP implementation as well (like squid, ISA, etc.), you will have to change your ICAP client settings to “don’t send the header Accept-Encoding: gzip”.

    This will reduce the instances of the contents being blocked and may increase bandwidth usage. Some web servers may ignore this setting and still return the compressed content.
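
An added illustration, not code from the original post or from Trend Micro: it shows why a scanner holding only one chunk of a gzip-compressed response sees a "corrupted" archive, and one assumed way a proxy could drop gzip from Accept-Encoding. `scan_buffer` is a hypothetical stand-in for a scanner (it is not VSAPI), `strip_gzip` is a hypothetical helper, and the sample page is constructed.

```python
import gzip
import zlib


def scan_buffer(buf: bytes) -> str:
    """Hypothetical scanner step: treat the buffer as one complete gzip archive."""
    if not buf.startswith(b"\x1f\x8b"):
        return "clean"  # not gzip-compressed, nothing to unpack
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # expect gzip header and trailer
    try:
        d.decompress(buf)
    except zlib.error:
        return "corrupted"
    # eof becomes True only after the gzip trailer (CRC32 + length) is read,
    # so a buffer that ends mid-stream is reported as a corrupted archive.
    return "clean" if d.eof else "corrupted"


def strip_gzip(accept_encoding: str) -> str:
    """Assumed header rewrite: remove gzip/x-gzip, keep the other codings."""
    kept = []
    for item in accept_encoding.split(","):
        coding = item.split(";")[0].strip().lower()
        if coding and coding not in ("gzip", "x-gzip"):
            kept.append(item.strip())
    return ", ".join(kept) if kept else "identity"


def demo():
    # Constructed sample: a compressed page delivered in two chunks.
    body = gzip.compress(b"<html>" + b"constructed sample page " * 200 + b"</html>")
    first, second = body[: len(body) // 2], body[len(body) // 2 :]
    return scan_buffer(first), scan_buffer(first + second)


if __name__ == "__main__":
    print(demo())
    print(strip_gzip("gzip, deflate, br"))
```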

Configuring InterScan Web Security Suite (IWSS) 3.x for Linux to stop sending corrupted_zip_file notifications
Unable to access web sites using InterScan Web Security Suite (IWSS) due to Corrupted_Zip_File issue


About Hardono

Hi, I'm Hardono. I am working as a Software Developer. I am working mostly in Windows, dealing with .NET, conversing in C#. But I know a bit of Linux, mainly because I need to keep this blog operational. I've been working in Logistics/Transport industry for more than 11 years.
