Web Intelligence and cURL

Dear All,

The documentation for SAV 9.x states that the Web Intelligence service filters content for the platform's main browsers: Safari, Chrome, and Firefox. It does not mention other applications or services and, indeed, most of the apps I have looked into appear to connect directly to the Internet.

While toying with cURL this morning, I noticed that it is blocked by the Web Intelligence service, just like one of the supported browsers…

Is this by design? If so, where can we find a list of applications or services that are protected by the Web Intelligence bundle? What about other command-line tools, or Mail.app, for example?


  • Specimen wrote:
    Nowadays it is recommended, and more people do so, to get their email over a secure connection, using POP or IMAP with SSL. In this situation, AFAIK, Web Intelligence is powerless, unless it does something like Avast does, which is controversial, that consists in installing a root certificate in Keychain, decrypting, scanning and encrypting with the root certificate.

    Am I correct?

    More and more services are moving to encrypted channels (aka SSL aka TLS). This is true for web content as well as everything else (instant messaging, email, etc.). We do not decrypt these channels in our endpoint software. Instead we attempt to validate the target domain / server via its IP address and your browser's SNI information. SNI (Server Name Indication) is a method for the browser to indicate in clear text the name of the domain it's attempting to reach. We can still do reputation checks on that. But no content scanning.

    We've considered building a feature to do decryption. We'd always make it an option though. Our network appliances already offer such a feature, including the ability to specify what types of sites to not filter this way (e.g. never decrypt banking sites, always decrypt software download sites). I think we'd do something similar in the endpoint software, if we ever do anything more than what we do today.


    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
