Application Control:
2013:09:13-15:35:00 sophos afcd[4941]: CIFS (nfmark 00000048): 88 packets, 88 connections
2013:09:13-15:35:00 sophos afcd[4941]: DNS (nfmark 0000007c): 4284 packets, 2120 connections
2013:09:13-15:35:00 sophos afcd[4941]: DROPBOX (nfmark 0000007f): 290 packets, 290 connections
2013:09:13-15:35:00 sophos afcd[4941]: NETBIOS (nfmark 00000146): 103 packets, 103 connections
2013:09:13-15:35:00 sophos afcd[4941]: NTP (nfmark 0000015d): 3 packets, 3 connections
2013:09:13-15:35:00 sophos afcd[4941]: SMTP (nfmark 000001ca): 1 packets, 1 connections
2013:09:13-15:35:00 sophos afcd[4941]: packets: 11000 (6895 inspected, 1 skipped)
2013:09:13-15:35:00 sophos afcd[4941]: connections: 2657 (2605 classified)
2013:09:13-15:35:00 sophos afcd[26988]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-15:35:01 sophos afcd[26988]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2013:09:13-15:35:01 sophos afcd[26988]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-15:35:01 sophos afcd[26999]: AFC ready.
2013:09:13-15:36:26 sophos afcd[26999]: vy_plugin: N: finalizing vineyard thread
2013:09:13-15:36:27 sophos afcd[26999]: STATUS: alert_lvl="GREEN" run_time=85 num_cts=0 pktps_avg=1.00 pktps_avg_max=1.40 skipped_pktps_avg=0.00 skipped_pktps_avg_max=0.00 connps_avg=0.00 connps_avg_max=0.60 rusage_sys=0.232 rusage_usr=0.016
2013:09:13-15:36:27 sophos afcd[26999]: DNS (nfmark 0000007c): 12 packets, 6 connections
2013:09:13-15:36:27 sophos afcd[26999]: DROPBOX (nfmark 0000007f): 2 packets, 2 connections
2013:09:13-15:36:27 sophos afcd[26999]: packets: 39 (32 inspected, 0 skipped)
2013:09:13-15:36:27 sophos afcd[26999]: connections: 9 (8 classified)
2013:09:13-15:36:27 sophos afcd[27077]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-15:36:28 sophos afcd[27077]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2013:09:13-15:36:28 sophos afcd[27077]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-15:36:28 sophos afcd[27080]: AFC ready.
2013:09:13-17:01:43 sophos afcd[27080]: vy_plugin: N: finalizing vineyard thread
2013:09:13-17:01:44 sophos afcd[27080]: STATUS: alert_lvl="GREEN" run_time=5114 num_cts=0 pktps_avg=0.00 pktps_avg_max=30.16 skipped_pktps_avg=0.00 skipped_pktps_avg_max=0.20 connps_avg=0.00 connps_avg_max=13.98 rusage_sys=1.544 rusage_usr=0.892
2013:09:13-17:01:44 sophos afcd[27080]: CIFS (nfmark 00000048): 23 packets, 23 connections
2013:09:13-17:01:44 sophos afcd[27080]: DNS (nfmark 0000007c): 3055 packets, 1494 connections
2013:09:13-17:01:44 sophos afcd[27080]: DROPBOX (nfmark 0000007f): 31 packets, 11 connections
2013:09:13-17:01:44 sophos afcd[27080]: FTP (nfmark 000000a2): 265 packets, 10 connections
2013:09:13-17:01:44 sophos afcd[27080]: NETBIOS (nfmark 00000146): 27 packets, 27 connections
2013:09:13-17:01:44 sophos afcd[27080]: POP3 (nfmark 0000017a): 25 packets, 25 connections
2013:09:13-17:01:44 sophos afcd[27080]: packets: 6288 (5423 inspected, 4 skipped)
2013:09:13-17:01:44 sophos afcd[27080]: connections: 1797 (1590 classified)
2013:09:13-17:01:44 sophos afcd[964]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-17:01:45 sophos afcd[964]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2013:09:13-17:01:45 sophos afcd[964]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:13-17:01:45 sophos afcd[967]: AFC ready.
2013:09:16-10:28:49 sophos afcd[4847]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:16-10:28:51 sophos afcd[4847]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2013:09:16-10:28:51 sophos afcd[4847]: _afc_cfg_file_plugin_parse: 997 protocols registered
2013:09:16-10:28:51 sophos afcd[4961]: AFC ready.

Web Filtering:
2013:09:16-12:21:07 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="131.253.34.240" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="199" request="0x16cd0ae8" url="https://ieonlinews.microsoft.com/" exceptions="av,ssl,fileextension,size" error="" category="105,175" reputation="trusted" categoryname="Business,Software/Hardware" content-type="binary/octet-stream" application="http"
2013:09:16-12:21:08 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="65.55.57.27" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x16ce9610" url="http://www.microsoft.com/atwork/community/rss.xml" exceptions="av,ssl,fileextension,size" error="" category="105,175" reputation="trusted" categoryname="Business,Software/Hardware"
2013:09:16-12:21:08 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x16ce9010" function="connection_is_rtmp" file="request.c" line="699" message="failed peeking connection: Connection reset by peer"
2013:09:16-12:21:08 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x16ce9610" function="connection_is_rtmp" file="request.c" line="699" message="failed peeking connection: Connection reset by peer"
2013:09:16-12:21:08 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x16cd0ae8" function="connection_is_rtmp" file="request.c" line="699" message="failed peeking connection: Connection reset by peer"
2013:09:16-12:21:29 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000168" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:21:30 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000169&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:21:56 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000169" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:21:58 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000170&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:22:23 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000170" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:22:25 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000171&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:22:51 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000171" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:22:52 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000172&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:23:02 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs20.astaro.com' access time: 393ms"
2013:09:16-12:23:02 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs27.astaro.com' access time: 394ms"
2013:09:16-12:23:02 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs05.astaro.com' access time: 400ms"
2013:09:16-12:23:03 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs02.astaro.com' access time: 411ms"
2013:09:16-12:23:03 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs12.astaro.com' access time: 415ms"
2013:09:16-12:23:04 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs22.astaro.com' access time: 425ms"
2013:09:16-12:23:04 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs19.astaro.com' access time: 419ms"
2013:09:16-12:23:05 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs09.astaro.com' access time: 434ms"
2013:09:16-12:23:05 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs06.astaro.com' access time: 589ms"
2013:09:16-12:23:06 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs03.astaro.com' access time: 595ms"
2013:09:16-12:23:06 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs07.astaro.com' access time: 602ms"
2013:09:16-12:23:08 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs04.astaro.com' access time: 1547ms"
2013:09:16-12:23:08 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs11.astaro.com' access time: 618ms"
2013:09:16-12:23:09 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs15.astaro.com' access time: 682ms"
2013:09:16-12:23:10 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs17.astaro.com' access time: 661ms"
2013:09:16-12:23:11 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs26.astaro.com' access time: 844ms"
2013:09:16-12:23:11 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs14.astaro.com' access time: 683ms"
2013:09:16-12:23:12 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs08.astaro.com' access time: 666ms"
2013:09:16-12:23:13 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs25.astaro.com' access time: 738ms"
2013:09:16-12:23:13 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs24.astaro.com' access time: 735ms"
2013:09:16-12:23:14 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs23.astaro.com' access time: 711ms"
2013:09:16-12:23:15 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs13.astaro.com' access time: 700ms"
2013:09:16-12:23:16 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs18.astaro.com' access time: 702ms"
2013:09:16-12:23:16 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs16.astaro.com' access time: 785ms"
2013:09:16-12:23:17 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs10.astaro.com' access time: 942ms"
2013:09:16-12:23:18 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000172" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:23:20 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000173&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:23:20 sophos httpproxy[5098]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="756" message="server 'cffs01.astaro.com' access time: 581ms"
2013:09:16-12:23:46 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000173" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:23:47 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000174&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"
2013:09:16-12:24:13 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24" request="0xed43e30" url="http://95.211.37.203/din.aspx?s=59932672&id=206991372&client=DynGate&p=10000174" exceptions="" error="" category="142" reputation="neutral" categoryname="Remote Access" content-type="application/octet-stream" application="http"
2013:09:16-12:24:15 sophos httpproxy[5098]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.2.3" dstip="95.211.37.203" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xed43830" url="http://95.211.37.203/dout.aspx?s=59932672&p=10000175&client=DynGate" exceptions="" error="" reputation="neutral" category="142" reputation="neutral" categoryname="Remote Access"