I found command wget kept trying retrieve a virus file after failure because of the quarantine by firewall . And after some tries, the virus file was completely retrieved finally !!

I want to know this feature of the firewall is normal or not ? Macfee virus engine was used in the firewall.

Thanks heeps
CF

The thing may be buggy then, I suppose...

was the macafee updated.. does it have the latest .dat file... also what virus was it? would be interesting to know.

Break the virus into small enough pieces and it's patterns aren't recognizable anymore. Encryption would be another way to sneak it through a firewall.

Moving to Security.

The label said Window$ 95 or better, so i installed Linux!

They are not compressed and they are scanned by our ftp av deamon. But wget can break it pieces and it's patterns aren't recognizable anymore. That's exactly what zmedico saied.

Actually that's not the reason. The reason is that most gateway AV scanners will "trickle" the file to the client while they buffer it on the firewall to see if there's a virus. This means that before the file is fully downloaded into the firewall's buffer, a little bit of it is downloaded by wget (this is to prevent time-outs while the firewall is buffering). Once the AV scanner on the firewall can scan the full file, it realizes there's a virus and terminates the connection. If you have wget set to resume downloads, it will start over from where it left off. This time it will get a little more of the file before the AV scanner can buffer it and scan it again. Keep repeating this many times and you'll eventually succeed in constructing the entire virus with wget.

The only way to stop this is to turn off the "trickle" option on the AV firewall. Of course, that could cause downloads to time-out on large files because your client would give up before the firewall has finished buffering the file to scan it.

Er, wouldn't the more pressing question be: why was wget trying to download a virus?