Virus signature update file has not been digitally signed! Going from 8339 to 8340

Discussion in 'ESET NOD32 Antivirus' started by se2k, May 16, 2013.

Thread Status:
Not open for further replies.
  1. se2k

    se2k Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    8
    Location:
    Canada
    We have NOD32 Antivirus Business Edition v4.2.76.0 running throughout our organization (about 300 computers) and everyone is calling the Help Desk about a pop-up they are receiving from NOD32:

    "The virus signature update file has not been digitally signed! Do you wish to apply this update anyway? Do you want to use this update anyway?"

    I confirmed that this problem occurs when updating from 8339 to 8340 on all workstations.

    Why is this occurring? What should the users be selecting? Yes or No?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This error used to occur if update files were modified by a proxy server. Do the clients actually update from a local mirror and not from ESET's servers?
     
  3. se2k

    se2k Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    8
    Location:
    Canada
    All our clients update from our ESET Remote Admin server. We run the latest version (5.0.242.0).

    Nothing has changed on our workstations or servers and we've been using the same ESET versions for many months. This problem happened specifically when clients updated from 8339 to 8340. Since there has not been any newer update beyond 8340, I do not know if it will happen again.

    Is there any known issue with 8340 that may have caused this? What else could the problem be? A problem with our ERA server? We run a very strict validated environment so our servers are never modified or tweaked without lots of documentation.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    do you have an internal proxy?

    There is a setting somewhere in the update settings for proxy - change that to "do not use proxy" - and see if it still errors.
     
  5. se2k

    se2k Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    8
    Location:
    Canada
    No, we do not have a proxy.
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Does your upstream network provider filter or proxy your connection in some fashion? I have seen ISPs who install a proxy as kind of a caching server to reduce their own bandwidth costs. This can sometimes cause problems with content such as virus signature database updates, frequently-updated web pages, streaming media and so forth.

    Regards,

    Aryeh Goretsky
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    There was a similar problem reported here: virus database 8336
    https://www.wilderssecurity.com/showthread.php?t=347116

    There were no upstream ISP issues noted. Clearing the update cache via the software sometimes helps. In this case it did not.

    Although the problem was resolved, it is still not clear where the missing definition file went.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We'd need a pcap log created using Wireshark with network communication captured while attempting to update such client.
     
  9. se2k

    se2k Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    8
    Location:
    Canada
    No, our network provider does not filter or proxy our connection.

    We've been running NOD32 for years and this has never happened. It happened specifically for ALL our 300+ workstations that all have an identical configurations (Same hardware, same OS, same versions of all software including NOD32). We are a VERY locked down and validated environment.

    On our ERA, I cleared the update cache and forced a re-download of the update but unfortunately by the time I did this, I had already sent out an email to all our users letting them know to click "Yes" to the prompt and most had already clicked the prompt and updated anyway.

    Later in the day, updating from 8340 to 8341 was fine.

    ...but it's disturbing that this happened.. especially since there is no real explanation why.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I've mentioned above, in order to find out what happened in your network, we'll need to get the content of the mirror folder as well as a Wireshark log from an update attempt ending with the error. ESET also provides remote assistance and we can troubleshoot the issue by connecting to a troublesome client directly.
     
Thread Status:
Not open for further replies.