Web Pages are Being Incorrectly Blocked

Problem

Clients report that some Web pages are being blocked with a warning that a corrupted zip file was detected.  

Reason

Certain Web pages, for example www.yahoo.com and sites using .php scripts, may include gzip-encoded content that lacks valid CRC information. IWSVA considers such content to be malformed gzip files and will block the content.

Solution

You can resolve this issue in any of three ways:

1. Have clients disable the Use HTTP 1.1 option in their browser settings.

2. Tip: copy/paste the instructions below in an email notification to your clients to explain the work-around. Using Internet Explorer 7.0 and later. In the Internet Explore menu, click Tools > Internet Options and then the Advanced tab. Scroll down the Settings list and locate the HTTP 1.1 Setting. Remove the check from the HTTP 1.1 options and then click OK.

3. Note: This work-around is the most secure method; IWSVA will continue to scan traffic from the target site for viruses and malicious content.

2. Add the Web site(s) that clients are reporting to the IWSVA Trusted URL list: HTTP > URL Access Control > Global Trusted URLs.  

3. Caution: Content received from URLs on this page is not scanned or filtered.

3. Configure IWSVA to allow ”corrupted zip” files to pass instead of blocking them:

1. Open a Linux shell on the IWSVA server to edit the IWSVA config file.

   IWSVA provides a native Command Line Interface (CLI) to perform system monitoring, system administration, debug, troubleshooting functions and more through a secure shell or a direct console connection. Please refer to Administration Guide or CLI help for details to perform system monitoring, system administration, debug, and troubleshooting functions.

2. Change to the /var/iwss/ directory and open the intscan.ini file.

3. Locate the parameter, ”corrupted_zip=delete” and change it to ”corrupted_zip=pass”