2 Replies Latest reply on Jan 29, 2013 5:47 AM by itsec

    trustedsource weirdness..

    itsec

      One of my users reported a blocked website which they needed to access - www.aircreek.com

       

      Block details: 

      Blocked as categorised as Spam URL:

      URL: http://www.aircreek.com/

      Categories: Spam URLs

      Reputation: 30

      Block Reason: Blocked by URL filtering

       

      The URL filter database on MWG is 38099

       

      So I logged into trustedsource.org and queried the domain.  I was redirected to mcafee/threat-intelligence which reported that:

      Web Category: Spam URLs
      Activation: 2010-06-05
      Last Seen: 2009-02-19

       

      Ok so far so normal... I then clicked on the dispute link and was taken to a trustedsource.url where I had to log in again using the same creds.

      I queried the domain again and was shown that the URL Filter database 38047 shows the domain as uncategorised URL/ reputation unverified.

       

      So why the difference - are they not using the same database?  Appreciate I probably need to raise it with sites@mcafee.com also but was wondering whether anyone else had experienced this.

      thanks

        • 1. Re: trustedsource weirdness..
          btlyric

          There are two main DBs -- local (resident) and cloud.

           

          My URL checker code shows that www.aircreek.com is classified as SPAM URLs in the Cloud DB, but is unknown/unverified in local DB for hostname and IP and cloud DB for IP.

           

          Also, if you have the option enabled to do a reverse lookup on unclassified URLs, that adds another facet.

          • 2. Re: trustedsource weirdness..
            itsec

            Thanks for the reply - forgot to specify that this is a resident DB that I did the lookup on. The difference between the cloud & resident DBs explains this... I did a closer inspection of my rule set and options and discovered that in my default settings I have checked to use online DB (cloud) if local DB yields no results.

             

            This would explain that although I have a rule to allow uncategorised URLs before the block rule, the site was still being blocked as it was looking at the online DB.

            Thanks for the pointer :-)