Astaro User Bulletin Board > Astaro Gateway Products > Mail Security: SMTP, POP3, Antispam and Antivirus
#1  06-25-2009, 10:36 PM  wingman (Super Moderator)

[v7.403] Malware detected

Hi All

There are a couple of websites that Astaro can't detect as spyware, whereas my personal antivirus does. For example:
h**p://www.82zu.cn
h**p://www.fqwerz.cn/
h**p://www.goooogleadsence.biz/
h**p://94.247.2.195
h**p://www.d99q.cn/
h**p://www.orgsite.info/
h**p://www.lousecn.cn

The above URLs are among the Top 10 Malware Sites as reported by Google.

Any ideas of why ASG 7.403 can't detect them as malicious sites?
__________________

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000

Last edited by wingman; 06-25-2009 at 10:55 PM.
#2  06-25-2009, 10:46 PM  BAlfson (Moderator)

When you say it doesn't detect them, what phenomenon do you observe that leads you to that conclusion?
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
#3  06-25-2009, 10:56 PM  wingman (Super Moderator)

Well, normally when I visit such a website, the site is blocked with a message saying malicious sites are not allowed (for example, when trying to visit h**p://googleanalytics.net/).
#4  06-25-2009, 11:23 PM  BAlfson (Moderator)

h**p://googleanalytics.net/ doesn't even exist for me. Nor does www.82zu.cn. I wonder if your personal tool is referencing a list of sites that includes some which no longer exist? That would cause it to flag a site even before attempting to run it through the Astaro. Check them on Domain Dossier (investigate domains and IP addresses, get owner and registrar information, see whois and DNS records).

Cheers - Bob
#5  06-25-2009, 11:51 PM  Billybob (Wizard)

This is what I am getting on 7.46 (sorry, that is all I have at home). I was feeling a little brave, so I disabled the categorization and reputation check. None of the sites loaded besides the two below. Even then the Avira scan got them. They are also listed as malicious websites in the content filter log.

fqwerz.cn... Blocked infected with HTML/Rce.Gen
d99q.cn... Blocked infected with HTML/Rce.Gen

The others didn't load.

Last edited by Billybob; 06-26-2009 at 12:07 AM. Reason: forgot to mention reputation filter.
#6  06-26-2009, 07:56 AM  wingman (Super Moderator)

Quote, originally posted by BAlfson:
    h**p://googleanalytics.net/ doesn't even exist for me. Nor does www.82zu.cn. I wonder if your personal tool is referencing a list of sites that includes some which no longer exist? That would cause it to flag a site even before attempting to run it through the Astaro. Check them on Domain Dossier (investigate domains and IP addresses, get owner and registrar information, see whois and DNS records).

    Cheers - Bob
That's strange, because when I tried them yesterday they were all working fine. I can confirm that a few of them don't work anymore.

However, running v7.404 (updated last night) still doesn't report those sites as infected.

fqwerz.cn...
d99q.cn...

It's my NOD32 that blocks the traffic and not Astaro (see attached).

I am running pattern version 9915

The full list of the top 10 malware sites is taken from: Google Online Security Blog: Top 10 Malware Sites

Attached image: fqwerz.cn.jpg (50.9 KB)
#7  06-26-2009, 01:56 PM  BAlfson (Moderator)

Like I said, Wingman, I bet your software isn't blocking things from entering; it's blocking your requests to the sites. You had the impression the sites were active when they were already down. Billybob's experiment confirms that the Astaro is blocking when a site sends bad stuff.

Cheers - Bob
#8  06-26-2009, 03:33 PM  Wizard

Yeah, sounds like the NOD32 is blocking the requests before they "leave" the browser.... I can verify BillyBob's results. Everything is working as it should be.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner
#9  06-26-2009, 06:30 PM  wingman (Super Moderator)

Thanks, people, for the clarification. I've tried it on a different computer that runs Avast, and indeed ASG blocks the websites.