  1. #1
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    McAfee Updates being blocked by Virus Blocker

    Platform is Untangle (auto-upgrade from 5.3~5.4) 6.0.1.

    Is anyone else seeing these show up in their reports lately?

    Code:
    Timestamp:   12/14/08 4:59 AM
    User:   xxx.xxx.x.xxx
    Virus Name:   Sanesecurity.Phishing.Bank.2605
    Server:   213.155.157.2
    Client:   xxx.xxx.x.xxx
    Host:   update.nai.com
    Port:   80
    update.nai.com is where our McAfee VirusScan Enterprise installs get their updates from, so this is not something I like to see.
    It appears this started on the day before Saturday (2008-12-13 (Saturday)).
    Last edited by Xolo; 12-16-2008 at 04:39 AM. Reason: Added start date
    Our Current Platform [INACTIVE Until further notice - finally in a new building!]
    ---------------------------------
    Intel Desktop Board type D865GVHZ + Intel P4 3.0Ghz HT, 2GB Dual-channel RAM, 40GB HDD, 3x3Com 309x 10/100 PCI, 3Mbit 4 to 1 Business Cable, roughly 500 users and 220 machines and growing.
    ---------------------------------
    Please make use of the Untangle Bugzilla to vote for and report issues/requests!!

  2. #2
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,708

    Quote Originally Posted by Xolo View Post
    Platform is Untangle (auto-upgrade from 5.3~5.4) 6.0.1.

    Is anyone else seeing these show up in their reports lately?

    Code:
    Timestamp:   12/14/08 4:59 AM
    User:   xxx.xxx.x.xxx
    Virus Name:   Sanesecurity.Phishing.Bank.2605
    Server:   213.155.157.2
    Client:   xxx.xxx.x.xxx
    Host:   update.nai.com
    Port:   80
    update.nai.com is where our McAfee VirusScan Enterprise installs get their updates from, so this is not something I like to see.
    It appears this started on the day before Saturday (2008-12-13 (Saturday)).
    Just whitelist nai.com. The updates do have virus signatures in them.

  3. #3
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    We're not seeing those problems in here.
    --------------------------------
    Juan Machado
    --------------------------------

  4. #4
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Whitelisting is an idea, but I hope that you understand that I do not see it address the root cause.
    As I do not have any more information, I'm stuck with what I have.
    I need to find out why this started to become a problem, it has not happened before.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,245

    It's just a miscategorized site in the phishing list. I'm personally just laughing that it nuked McAfee. That app nukes itself without any help.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    sky-knight,

    Are you sure? I just double-checked and we're not being blocked by the anti-phishing module when trying to get updates from update.nai.com, but I can clearly see Xolo's post:

    Timestamp: 12/14/08 4:59 AM
    User: xxx.xxx.x.xxx
    Virus Name: Sanesecurity.Phishing.Bank.2605
    Server: 213.155.157.2
    Client: xxx.xxx.x.xxx
    Host: update.nai.com
    Port: 80
    --------------------------------
    Juan Machado
    --------------------------------

  7. #7
    Untangler
    Join Date
    Sep 2008
    Posts
    30

    When I check update.nai.com in the IE browser, I get the message "Error: Access is Denied." I am sure this message is not from UT.
    Last edited by nishad; 12-16-2008 at 10:39 PM.

  8. #8
    Master Untangler
    Join Date
    Apr 2008
    Posts
    346

    Quote Originally Posted by nishad View Post
    When I check update.nai.com in the IE browser, I get the message "Error: Access is Denied." I am sure this message is not from UT.
    Please note: This is not the full address that is used for the updates of the product.

  9. #9
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Quote Originally Posted by hescominsoon View Post
    Just whitelist nai.com. The updates do have virus signatures in them.
    This may be a dumb answer, but the Virus Blocker module does not have a whitelist. I forgot to mention that the other day.

  10. #10
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Quote Originally Posted by sky-knight View Post
    It's just a miscategorized site in the phishing list. I'm personally just laughing that it nuked McAfee. That app nukes itself without any help.
    This surprises me.. The event log entry I posted was copied from the Virus Blocker module, not the Phishing module.
    How did you discover this?
