One of my users reported a blocked website which they needed to access - www.aircreek.com
Blocked as categorised as Spam URL:
Categories: Spam URLs
Block Reason: Blocked by URL filtering
The URL filter database on MWG is 38099
So I logged into trustedsource.org and queried the domain. I was redirected to mcafee/threat-intelligence which reported that:
Web Category: Spam URLs
Last Seen: 2009-02-19
Ok so far so normal....I then clicked on the dispute link and was taken to a trustedsource.url where I had to login again using the same creds.
I queried the domain again and was shown that the URL Filter database 38047 shows the domain as uncategorised URL/ reputation unverified.
So why the difference - are they not using the same database? Appreciate I probably need to raise it with firstname.lastname@example.org also but was wondering whether anyone else had experienced this.
There are two main DBs -- local (resident) and cloud.
My URL checker code shows that www.aircreek.com is classified as SPAM URLs in the Cloud DB, but is unknown/unverified in local DB for hostname and IP and cloud DB for IP.
Also, if you have the option enabled to do a reverse lookup on unclassified URLs, that adds another facet.
Thanks for the reply - forgot to specify that this is a resident DB that I did the lookup on. The difference between the cloud & resident DBs explains this...I did a closer inspection of my rule set and options and discovered that in my defualt settings I have checked to use online DB (cloud) if local DB yields no results
This would explain that although I have a rule to allow uncategorised URLS before the block rule, the site was still being blockedas was lokoing at the online DB.
Thanks for the pointer :-)