itsec
Level 7

trustedsource weirdness..

One of my users reported a blocked website which they needed to access - www.aircreek.com

Block details: 

Blocked as categorised as Spam URL:

URL: http://www.aircreek.com/

Categories: Spam URLs

Reputation: 30

Block Reason: Blocked by URL filtering

The URL filter database on MWG is 38099

So I logged into trustedsource.org and queried the domain.  I was redirected to mcafee/threat-intelligence which reported that:

Web Category: Spam URLs
Activation: 2010-06-05
Last Seen: 2009-02-19

Ok so far so normal....I then clicked on the dispute link and was taken to a trustedsource.url where I had to login again using the same creds.

I queried the domain again and was shown that the URL Filter database 38047 shows the domain as uncategorised URL/ reputation unverified.

So why the difference - are they not using the same database?  Appreciate I probably need to raise it with sites@mcafee.com also but was wondering whether anyone else had experienced this.

thanks

0 Kudos
2 Replies
btlyric
Level 12

Re: trustedsource weirdness..

There are two main DBs -- local (resident) and cloud.

My URL checker code shows that www.aircreek.com is classified as SPAM URLs in the Cloud DB, but is unknown/unverified in local DB for hostname and IP and cloud DB for IP.

Also, if you have the option enabled to do a reverse lookup on unclassified URLs, that adds another facet.

0 Kudos
itsec
Level 7

Re: trustedsource weirdness..

Thanks for the reply - forgot to specify that this is a resident DB that I did the lookup on.  The difference between the cloud & resident DBs explains this...I did a closer inspection of my rule set and options and discovered that in my default settings I have checked to use online DB (cloud) if local DB yields no results.

This would explain that although I have a rule to allow uncategorised URLs before the block rule, the site was still being blocked as was looking at the online DB.

Thanks for the pointer :-)

0 Kudos
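The interaction described in this thread, as an added example that is not part of the original posts and is not McAfee Web Gateway code: a simplified model of a local-then-cloud category lookup feeding a first-match rule set. The database contents, rule names and function names are assumptions constructed for illustration.

```python
# Simplified model of the lookup order described in this thread.
# Not MWG code: DB contents, rule names and functions are constructed.
UNCATEGORISED = "Uncategorised URLs"

LOCAL_DB = {}                                   # resident DB: no entry for the host
CLOUD_DB = {"www.aircreek.com": "Spam URLs"}    # cloud DB: categorised, per the thread

# Ordered rule set, first match wins. The allow rule sits before the block rule.
RULES = [
    ("Allow uncategorised URLs", lambda cat: cat == UNCATEGORISED, "allow"),
    ("Block spam URLs",          lambda cat: cat == "Spam URLs",   "block"),
]

def categorise(host, cloud_fallback):
    """Return (category, source). Cloud is asked only if local has no result."""
    if host in LOCAL_DB:
        return LOCAL_DB[host], "local"
    if cloud_fallback and host in CLOUD_DB:
        return CLOUD_DB[host], "cloud"
    return UNCATEGORISED, "none"

def evaluate(host, cloud_fallback):
    """Return (action, matching rule, category, source) for a request to host."""
    category, source = categorise(host, cloud_fallback)
    for name, matches, action in RULES:
        if matches(category):
            return action, name, category, source
    return "allow", "default", category, source

if __name__ == "__main__":
    # Same host, same rules; only the fallback setting changes the outcome.
    for fallback in (False, True):
        print("cloud_fallback =", fallback, "->",
              evaluate("www.aircreek.com", fallback))
```

With the fallback enabled, the category is already resolved to Spam URLs before any rule runs, so the allow rule for uncategorised URLs never matches; recording which database answered makes this kind of mismatch quick to spot when troubleshooting a block.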