01-11-2012, 01:48 PM   #1 (permalink)
hs-admin (Untangler)
Join Date: Oct 2009
Location: N. AZ
Posts: 66
w3.org Spam?

I'm getting a huge volume of blocks from a machine trying to call out to w3.org every 1-2 minutes. I've checked the IP and it is listed with w3.org. The filter is putting it in the Spam category. I've done virus scans as well as scanned with Malware Bytes and Super Anti-Spyware. All come up with nothing.

Has anyone else experienced this?

01-12-2012, 12:40 PM   #2 (permalink)
hs-admin (Untangler)

Finally solved. Like suspected it was a virus of sorts. Removed with Panda AV.

01-12-2012, 01:04 PM   #3 (permalink)
f1assistance (Master Untangler)
Join Date: Apr 2009
Location: Holly Springs, NC
URLs submitted: 154
Posts: 218

Quote:
Originally Posted by hs-admin
Finally solved. Like suspected it was a virus of sorts. Removed with Panda AV.

Please do tell...it sounds like you used several tools in your bag of tricks. Did you use Panda's online scanner?
__________________
Untangle...because nothing is worse than doing nothing!
-------
2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

01-13-2012, 07:07 PM   #4 (permalink)
hs-admin (Untangler)

Well, I thought this was solved, but looking at the logs again this afternoon it's doing it again. It's very sequential in its attempts. I included a sample of what's coming up in the Event Log.
Anyone have a suggestion? False positive?

2012-01-12 8:24:35 pm
172.16.4.8
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
true
true
in Categories Block list
Spam
128.30.52.37

2012-01-12 8:23:30 pm
172.16.4.8
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
true
true
in Categories Block list
Spam
128.30.52.37

2012-01-12 8:21:36 pm
172.16.4.8
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
true
true
in Categories Block list
Spam
128.30.52.37

2012-01-12 8:19:37 pm
172.16.4.8
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
true
true
in Categories Block list
Spam
128.30.52.37

01-13-2012, 07:11 PM   #5 (permalink)
hs-admin (Untangler)

This is the output from zvelo.com's "test-a-site" service:

w3.org | Technology (General), Advocacy Groups & Trade Associations | No Known Risk | zvelodb-v3

www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd | Spam | Possible Risk | zvelodb-v3

01-13-2012, 08:11 PM   #6 (permalink)
dmorris (Untangle Junkie)
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,614

Try flushing the categorization cache in Web Filter, and then in your browser and then hitting that URL.
__________________
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com

01-13-2012, 08:23 PM   #7 (permalink)
hs-admin (Untangler)

Thanks for the reply, I emptied the filter cache. Is the browser cache empty and hitting the URL to be done on the problematic machine?

01-13-2012, 08:35 PM   #8 (permalink)
dmorris (Untangle Junkie)

Quote:
Originally Posted by hs-admin
Thanks for the reply, I emptied the filter cache. Is the browser cache empty and hitting the URL to be done on the problematic machine?

Any machine behind Untangle should be fine. Are you just testing? What are you trying to do?

01-13-2012, 08:42 PM   #9 (permalink)
hs-admin (Untangler)

I'm currently off site at the moment. I thought I had this solved earlier and happened to check again and the machine is still acting up.
I'm trying to figure out why it is calling w3.org in 1 and 2 minute intervals (roughly) which web filter is then categorizing and blocking as Spam. I have 1k+ blocks on it from the day, sort of filling up my event viewer. I thought at first of malware/spyware infection but all the scanners I've had the owner (non school owned laptop) run have come up with little or nothing.

01-13-2012, 08:45 PM   #10 (permalink)
dmorris (Untangle Junkie)

Quote:
Originally Posted by hs-admin
I'm currently off site at the moment. I thought I had this solved earlier and happened to check again and the machine is still acting up.
I'm trying to figure out why it is calling w3.org in 1 and 2 minute intervals (roughly) which web filter is then categorizing and blocking as Spam. I have 1k+ blocks on it from the day, sort of filling up my event viewer. I thought at first of malware/spyware infection but all the scanners I've had the owner (non school owned laptop) run have come up with little or nothing.

Oh, well I'd just flush your category cache. It doesn't sound like it's categorized as Spam anymore so it probably just was the first time you checked. My guess was that it was a miscategorization at one point or something.

I wouldn't worry about that URL, many things reference the w3.org DTDs and I don't think a client downloading that is any reason to be alarmed.
Closed Thread
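
A triage sketch for the event-log sample in post #4, added here as an example and not part of the thread or of Untangle's tooling: it parses the one-value-per-line records, measures the gaps between hits per client and URL, and notes whether the URL is a W3C DTD of the kind post #10 says many things reference. The column names in `FIELDS` and all function names are assumptions, since the post does not label the eight values.

```python
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Column names are assumptions: the post shows eight unlabeled values per event.
FIELDS = ("time", "client", "url", "flag1", "flag2", "reason", "category", "server")

# The four events from post #4, rebuilt in the same one-value-per-line layout.
TAIL = ("172.16.4.8\nwww.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\ntrue\ntrue\n"
        "in Categories Block list\nSpam\n128.30.52.37")
SAMPLE = "\n\n".join(f"2012-01-12 {t}\n{TAIL}"
                     for t in ("8:24:35 pm", "8:23:30 pm", "8:21:36 pm", "8:19:37 pm"))

def parse(text):
    """Split blank-line-separated events into dicts; skip malformed ones."""
    events = []
    for block in text.strip().split("\n\n"):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) != len(FIELDS):
            continue
        ev = dict(zip(FIELDS, lines))
        ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%d %I:%M:%S %p")
        events.append(ev)
    return events

def is_w3c_dtd(url):
    """True for DTD/entity files on www.w3.org, which XML parsers commonly fetch."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return parts.hostname == "www.w3.org" and parts.path.lower().endswith((".dtd", ".ent", ".mod"))

def summarize(events):
    """Per (client, url): hit count, gaps in seconds, mean gap, relative jitter."""
    groups = {}
    for ev in events:
        groups.setdefault((ev["client"], ev["url"]), []).append(ev["time"])
    report = {}
    for (client, url), times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps:
            continue  # a single hit has no interval to measure
        avg = mean(gaps)
        report[(client, url)] = {"hits": len(times), "gaps": gaps, "mean": avg,
                                 "jitter": pstdev(gaps) / avg if avg else 0.0,
                                 "w3c_dtd": is_w3c_dtd(url)}
    return report

if __name__ == "__main__":
    for key, row in summarize(parse(SAMPLE)).items():
        print(key, row)
```

On the four posted events the gaps are 119, 114 and 65 seconds, which matches the "1 and 2 minute intervals (roughly)" described in post #9.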

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 11:12 AM.


© 2010 Untangle, Inc. All Rights Reserved.   SEO by vBSEO 3.6.0 PL2