We see a following problem: Some URLs are categorized to category "Malicious Sites"
though due to McAfee TrustedSource hey are an uncategorized URLs.
http://www.helpgreekanimals.org/index.php?option=com_content Malicious Sites
Moreover, there's an influence of setting "Do a forward DNS lookup to rate URL" in settings URL.categories<Default>
When we disable this categorization for all above URLs is OK (though FQDN part of URL is the same)
Why has DNS lookup an effect when just changing the path part of URL?
Why are these URL categorized as "Malicious Sites" though not listed at McAfee TrustedSource?
When enabling "Do a forward DNS lookup to rate URLs", is enabled, the DNS lookup will be made for URLs that no relevant information was found for. When this is the case the IP address that is found will be used for another lookup. So even if the domain name is ok, the IP address can be untrusted or malicious, then you will get the block.
It seems like this happens if an IP address used to be used for a malicious website but has been repurposed. I can't figure out why the URI has anything to do with the request, though. I'm equally stumped and until I figure it out, I'm keeping that option disabled.
In these situations, the first priority should be to get the base domain categorized (www.trfv.de).
This issue IS occurring because of the forward lookup.
hxxp://220.127.116.11 (uncategorized) - http://www.trustedsource.org/en/feedback/url?action=checksingle&product=14-ts&url=18.104.22.168
hxxp://22.214.171.124/index.php (Malicious) - http://www.trustedsource.org/en/feedback/url?action=checksingle&product=14-ts&url=126.96.36.199%2Fin...
MWG will use the path of the URL along with the looked up IP address.
OK, since nowadays hundrets of webservers share one IP address this leads to false positives, I think we will disable this option, too.