ProxyAV With Kaspersky Results in an ICAP_ERROR When Scanning the Chrome Installer File

book

Article ID: 168868

calendar_today

Updated On:

Products

ProxyAV Software - AVOS

Issue/Introduction

When scanning 46.0.2490.80_chrome_installer.exe, Kaspersky fails scan with icap_error.

The 'Maximum total number of files in archive' is set to 10000 but it does not look like the file contains more than 10000.

When using McAfee or Sophos, 46.0.2490.80_chrome_installer.exe can be scanned without icap_error.





 

Cause

The archive contains 260k+ files. It is a multilingual installer, and it contains 53 languages, 5k files each. Kaspersky can counts archive number in language pack file. In this particular case there are indeed that many files. 
 

Resolution

Because this issue is caused by a a limitation in how the Kaspersky engine is used to scan data, the only resolution to this issue is to negate processing of the file. There are two methods to accomplish this:
  1. If you are running Content Analysis 1.3.5 or later, you can add a hash of the Chrome installation file to the manual whitelist.
  • Using your preferred file hash generator, (Blue Coat does not provide one) use the installation file to generate a file hash.
  • Log in to your Content Analysis management console, and browse to Services > Whitelist/Blacklist
  • Paste the hash into the Whitelist box, Add Hash to Whitelist, and click Add.
** Verify that the File reputation > Custom Whitelist/Blacklist license is enabled in System > Licensing.
  1. If you are running an earlier release of Content Analysis, you will need to exempt the file from being ICAP scanned. 
  • Review the topic, Exempt Trusted File Types and Sources in online help for Content Analysis for help with this solution.