Sophos AutoUpdate tries to contact sharethis.com, tribune.com and other sites

Hello,

I am a bit concerned. I installed Little Snitch today and noticed that Sophos AutoUpdate requested to contact sites like sharethis.com, latimes.com, tribune.com and foodnetwork.com (every time port 80, HTTP) and refused to update if I denied the connection using Little Snitch.

I run Version 8.0.6C on a Mac with OS 10.8.1

Can someone please explain this behaviour? 

Thank you,

Manuel

:1009696


This thread was automatically locked due to age.
  • Hello Manuel,

    Sophos uses the Akamai content distribution network - a CDN "maps" the update server to usually one or two servers "near" you. The CDN server mirrors the vendor's server. Many sites use CDNs and I assume - haven't checked - that those you mention also use Akamai.
    Months ago I replied to a similar post - it looks like Little Snitch sometimes messes up the reverse lookup for such addresses (resulting in site names of other Akamai customers being displayed). Depending on your ISP you should see only a few IP addresses (dismiss the site names) AutoUpdate wants to connect to.

    HTH
    Christian
    :1009702
  • Hello Christian,

    Thank you for the answer. I looked up the IP addresses with an IP lookup service and it showed me several DSL Connection Servers.

    My bad, I should have had a closer look at the IP addresses and not just the site names Little Snitch provides.

    Thank you again,
    manuel 

    :1009712
  • Sophos for Mac 8.0.8C, threat engine 3.37.10, threat data 4.83. Running on a 2011 iMac with OS X 10.8.2 (Mountain Lion).

    Sorry for the bump, but I experienced this myself earlier tonight, and am very glad to have found this thread! :)

    I installed Little Snitch 3 to test something, and was quite concerned when it said that Sophos AutoUpdate was asking for permission to connect to "goodhousekeeping.co.uk" and other sites. I blocked it, and then it would not update. Checking the "2 servers" Little Snitch said that Sophos had been connecting to, it listed several hostnames for each one, but only a few IPs. Many mentioned Akamai and EdgeSuite. EDIT: Also, the IPs were apparently something to do with my ISP, Sky.

    Assuming that my issue is the same as Manuel's, then I'm quite relieved...

    :1010948
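
Added example, not part of the thread and not Little Snitch's or Sophos's code: a simplified model of the effect discussed above, where a firewall that labels connections from an IP-to-name cache shows other CDN customers' site names, while grouping by IP shows only a few edge addresses. The cache behaviour, the hostname `updates.vendor.example` and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed DNS answers seen on one machine, in time order: (queried name, edge IP).
# 192.0.2.0/24 is a documentation range; updates.vendor.example is a placeholder.
DNS_ANSWERS = [
    ("updates.vendor.example", "192.0.2.10"),
    ("sharethis.com", "192.0.2.10"),
    ("updates.vendor.example", "192.0.2.11"),
    ("latimes.com", "192.0.2.11"),
    ("foodnetwork.com", "192.0.2.10"),
]

# Constructed outbound connections: (process, name the process resolved, destination IP).
CONNECTIONS = [
    ("AutoUpdate", "updates.vendor.example", "192.0.2.10"),
    ("AutoUpdate", "updates.vendor.example", "192.0.2.11"),
]


def label_by_ip_cache(answers, connections):
    """Label each connection with the last name seen for its IP (assumed model)."""
    last_name = {}
    for name, ip in answers:
        last_name[ip] = name  # a later answer for the same IP overwrites the label
    return [(proc, ip, last_name.get(ip, ip)) for proc, _, ip in connections]


def names_per_ip(answers):
    """Group every name observed per IP; more than one name marks a shared edge."""
    seen = defaultdict(set)
    for name, ip in answers:
        seen[ip].add(name)
    return {ip: sorted(names) for ip, names in seen.items()}


def triage(answers, connections):
    """Per process, list the distinct IPs contacted and whether each is shared."""
    shared = names_per_ip(answers)
    report = defaultdict(dict)
    for proc, _, ip in connections:
        report[proc][ip] = len(shared.get(ip, [])) > 1
    return dict(report)


if __name__ == "__main__":
    for proc, ip, label in label_by_ip_cache(DNS_ANSWERS, CONNECTIONS):
        print(f"{proc} -> {ip} shown as {label}")
    print(triage(DNS_ANSWERS, CONNECTIONS))
```

The displayed labels change with whatever name was last resolved to the shared address, while the set of destination IPs stays small and stable, which is why rules and review are better keyed on the IPs than on the site names.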