Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
4384 Views 12 Replies Latest reply: Nov 26, 2010 3:42 AM by michael_schneider RSS 1 2 Previous Next
dcaffrey Apprentice 90 posts since
Nov 19, 2009
Currently Being Moderated

Nov 23, 2010 10:38 AM

Rule Engine Error

Hi,

 

Getting a lot of the following errors today with sites that are Uncategoized and Unverified, is there any way to modify the rule to avoid this error ?

 

Thanks,

 

Dec

 

URL: http://www.ckan.net/
URL Categories:
Current Rule ID: 15381
Current Rule Name: Block URLs With Bad Reputation
Error Message: [WrongPropState] ARuleElem: RetrievePropertyValue: State of Property com.scur.engine.trustedsource.isunverified is kPropError.

  • michael_schneider McAfee SME 424 posts since
    Nov 14, 2009
    Currently Being Moderated
    1. Nov 23, 2010 10:41 AM (in response to dcaffrey)
    Re: Rule Engine Error

    Hi Dec,

     

    this is due to the fact, that the TS SDK couldn't get the status of an URL from the cloud due to connectivity issues. This is an unfortunate behaviour that for the time being can only be resolved by disabling Cloud lookups. We are resolving this error in 7.0.2 by adding the possibility to react upon this error and not block in this case.

     

    best,

    Michael


    --
    CISSP
    Sr. Product Manager Web Security
    Network Security BU

    **no personal messages please, unless requested**
  • michael_schneider McAfee SME 424 posts since
    Nov 14, 2009
    Currently Being Moderated
    3. Nov 24, 2010 3:43 AM (in response to dcaffrey)
    Re: Rule Engine Error

    Hi Dec,

     

    It#s working here. Plese do me the favour and go to the shell of your MWG appliance.

    From there do:

     

    host tunnel.web.trustedsource.org

     

    This should give you an output like:

    mcapfelchen:~ michaelschneider$ host tunnel.web.trustedsource.org
    tunnel.web.trustedsource.org has address 161.69.165.6
    

     

    Now try to ping the IP:

    mcapfelchen:~ michaelschneider$ ping 161.69.169.6
    PING 161.69.169.6 (161.69.169.6): 56 data bytes
    64 bytes from 161.69.169.6: icmp_seq=0 ttl=47 time=26.478 ms
    64 bytes from 161.69.169.6: icmp_seq=1 ttl=47 time=22.737 ms
    64 bytes from 161.69.169.6: icmp_seq=2 ttl=47 time=24.253 ms
    64 bytes from 161.69.169.6: icmp_seq=3 ttl=47 time=22.554 ms
    64 bytes from 161.69.169.6: icmp_seq=4 ttl=47 time=22.991 ms

     

    check if you can connect to port 443 on this IP.

    telnet 161.69.169.6 443
    

     

    What do you get?

     

    Some additional Qs:

     

    Have you changed your network in terms of having MWG working in a proxy chain?

    Have you configured upstream proxies in MWG of any kind?

    Is MWG allowed to reach out directly to the internet on port 443?

     

    thanks,

    Michael


    --
    CISSP
    Sr. Product Manager Web Security
    Network Security BU

    **no personal messages please, unless requested**
  • michael_schneider McAfee SME 424 posts since
    Nov 14, 2009
    Currently Being Moderated
    5. Nov 24, 2010 5:16 AM (in response to dcaffrey)
    Re: Rule Engine Error

    Thanks for checking -  just for the purpose of this test, could you please enter the IP we have just found into the TS configuration you are using and modify it to match mine below?

    What happens then?

    TS.jpg

    So you know - I just used 'your' IP and it works here with this server.

     

    thanks,

    Michael


    --
    CISSP
    Sr. Product Manager Web Security
    Network Security BU

    **no personal messages please, unless requested**
  • michael_schneider McAfee SME 424 posts since
    Nov 14, 2009
    Currently Being Moderated
    7. Nov 24, 2010 7:40 AM (in response to dcaffrey)
    Re: Rule Engine Error

    Hello Dec,

     

    I will forward the results fo this discussion to the ops team in charge of the servers.

     

    The DNS checks are performed to add security in terms of if somebody is requesting an IP, we check if we have a URL for it, if somebody is requesting an URL we check if we find the IP in our categories.

     

    Unrated URLs are queued and are being processed by autoraters, if these yield no results they are processed manually.

     

    best,

    Michael


    --
    CISSP
    Sr. Product Manager Web Security
    Network Security BU

    **no personal messages please, unless requested**
  • michael_schneider McAfee SME 424 posts since
    Nov 14, 2009
    Currently Being Moderated
    9. Nov 24, 2010 9:08 AM (in response to dcaffrey)
    Re: Rule Engine Error

    Hi Dec,

     

    it is not only autorating! An autorate is attempted for certain categories that are easily definable, whereas a manual review by the global categorisation team is done in most cases, as a human interpretation is providing the best quality criteria you can get.  Think about a website where they talk about s*x and anatomic aspects all the time - just autorating it will be difficult, given that it could be a medical page where these topics are discussed.

     

    best,

    Michael


    --
    CISSP
    Sr. Product Manager Web Security
    Network Security BU

    **no personal messages please, unless requested**
1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points