Proxy PB with Returnil Virtual System 2010 GAOTD

Hi there,

I grabbed yesterday Returnil Virtual System 2010 from GAOTD and installed it successfully.

The license issue aside, Returnil is running on a Windows XP box behind a proxy firewall (Squid) on another box.

I entered the proxy ip, port and the correct authentication but in c:\windows\rvs3.log, I have the following errors:

Code:

2009-10-19 22:28:25 err    WebServerHandler::ProcessIncomingCommands[22C]: Authentication error
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://n1.p.returnilvirtualsystem.com/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://n1.p.returnilvirtualsystem.com/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://n1.p.returnilvirtualsystem.com/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://n1.p.returnilvirtualsystem.com/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://n1.p.returnilvirtualsystem.com/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://91.193.166.92/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://91.193.166.92/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://91.193.166.92/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:25 err    COMM[22C]: failed to fetch https://91.193.166.92/1/a/355C8BE8E4251E8E319AD11B018ADDBB
2009-10-19 22:28:26 err    COMM[22C]: failed to fetch https://91.193.166.92/1/a/355C8BE8E4251E8E319AD11B018ADDBB

I tried to remove the proxy parameters and connect directly to your servers but these parameters are still reappearing even after pressing the OK button.

For now, Returnil does not want to update the virus signatures and I am stuck with the initial database.

Any thought

 

Hi red_dolphin and welcome to the forums

Please check to make sure you are allowing RVS to communicate through your firewall or HIPS program. Also, what is the status of your registration (does the GUI show "Pending" in the lower left corner of the UI)?

Thanks
Mike

 

Hi Mike,

Thanks for your prompte answer.

Yes, RVS has access to the Internet through my firewall authentication http proxy (a plain vanilla SQUID proxy). I checked the username and password.

Yes, the GUI shows "Request pending" in the lower left corner.

I tried to reinstall RVS but the GUI still shows the initial proxy parameters.

Is there a way to manually modify the configuration files?

I would like to add a rule to my firewall (on a different box) to allow RVS a direct connection (and not through SQUID) to 91.193.166.92.

Regards

 

Hi, Sorry for the delayed reply. I am checking with the team on this and will get back to you as soon as possible.

thanks
Mike

 

Hi red_dolphin,
Please try one or both of the following and let me know if the issue is resolved:

Scenario 1 (more likely):

After the above, check your firewall log(s) to see the entries when you click the Verify Connection button in preferences

Scenario 2 (less certain):

Mike

 

Hi Mike,

I already tried scenario 1 at no avail.

Scenario 2 is not an option. What would be the point of a remote firewall authentification proxy?

Deleting the proxy IP and port works but not unchecking "proxy authentification" nor deleting the username and password entries .

I bumped into another issue: I created the virtual drive (Z) and listed some folders in the file manager including my current anti-virus and anti-malware.

My problem is that in the previous install the virtual drive letter was Y. RVS moved some files from the listed folders to Y: and not to Z:. The files were lost.

That messed up my install. I had to deinstall and reinstall my anti-virus and anti-malware.

I uninstalled RVS and will not reinstall it until you provide me with a viable solution to clean up my system from the previous installs.

Regards