Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 37
  1. #11
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,130

    Default

    Should be in effect now.

  2. #12
    Untanglit
    Join Date
    Feb 2015
    Posts
    28

    Default

    Quote Originally Posted by Sam Graf View Post
    Should be in effect now.
    I just added icloud.com to the pass list on my busiest box. It still hasn't updated and my inbox is crying.

  3. #13
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,130

    Default

    Try clearing the Web Filter cache (advanced tab).

  4. #14
    Untangler
    Join Date
    Oct 2014
    Posts
    40

    Default

    This is somewhat annoying for sure. I can understand how the web filtering service might be blocking it, but when adding icloud to the pass sites I still get blocked or notified at least as well. That to me has to be an Untangle issue.

  5. #15
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,201

    Default

    The problem is icloud uses multiple domains which all have to be bypassed to get 100% pass rate. Reports will show all the domains used.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #16
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    (as will the actual alert email)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #17
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,798

    Default

    Quote Originally Posted by gsilver View Post
    Not sure why this rubs me the wrong way...but it does. Why would such a well known domain be categorized like this? its *.icloud.com not just one obscure subdomain.
    This is because ANYONE can can get an icloud account and put any kind of junk there they want. Specific icloud addresses must be scanned, or the whole service becomes an easy place to stash malware. It would insane to just assume all of icloud is safe.

    In this case, that's most likely exactly what someone tried to do. A malicious actor set up an icloud account and tried to use it to distribute some portion of a malware system. ZVelo's picked on the signature automatically and responded. Specifically, it wasn't all of *.icloud.com that was flagged, but only the specific pxx-keyvalueservice.icloud.com subdomain.
    Last edited by jcoehoorn; 02-02-2018 at 12:08 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  8. #18
    Newbie
    Join Date
    Feb 2018
    Posts
    3

    Default

    Youch. 700 emails and climbing. Want to give me the email address of the list provider, I'll gladly forward them!

  9. #19
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    You can disable that alert (and others) in config > events > alerts
    You can also limit its frequency if desired
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #20
    Untanglit
    Join Date
    Feb 2015
    Posts
    28

    Default

    Quote Originally Posted by jcoehoorn View Post
    This is because ANYONE can can get an icloud account and put any kind of junk there they want. Specific icloud addresses must be scanned, or the whole service becomes an easy place to stash malware. It would insane to just assume all of icloud is safe.

    In this case, that's most likely exactly what someone tried to do. A malicious actor set up an icloud account and tried to use it to distribute some portion of a malware system. ZVelo's picked on the signature automatically and responded. Specifically, it wasn't all of *.icloud.com that was flagged, but only the specific pxx-keyvalueservice.icloud.com subdomain.
    When I checked icloud.com on Zvelo's website it did appeare that all of icloud.com was flagged. I'm getting notifications that a lot of different child domains are being blocked.

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2