Thread Info
  • State Not Answered
  • Replies 10 replies
  • Subscribers 0 subscribers
  • Views 764 views
  • Users 0 members are here
Options
Suggested

[7.911][BUG][FIXED] Possible bad IPS rule

Scott_Klassen
I just happened to take a look at the IPS report for today on my V8 beta test box and saw something interesting.
 
Rule ID:  16460
Rule Description:  WEB-MISC text/html content-type without HTML - possible malware C&C
Rule Group:  Server / HTTP / Common
Packets:  412
 
The source IP's of these attacks are 64.191.223.35 and 64.191.223.36, which just so happen to be addresses for Commtouch. Due to this, I'm not sure if the AntiSpam reputation information is getting updated or not. Just thought I'd let somebody know.
Parents Reply Children
  • 0 in reply to kbr
    kbr, I started a case some time ago under 7.504 ... all of my managed customers were having false positives with this rule.  Astaro Support said it was part of the HTTP Server rule group, and should only be a problem if one has it enabled but has no servers defined under the tuning section.  That was not the case; but I dropped the issue with them (I just didn't have time to send them more log data) and ended up disabling that rule on all of my managed customers.  I definitely believe that it's a bad rule.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to kbr
    Thanks for reporting this. We've put this on our internal watchlist, but haven't seen any issues related to this id. If this is a false positive and becomes a problem, we'll be able to react quickly, but until then i can't assign it a mantis id.


    I thought you already had a mantis ID on this [:P] https://community.sophos.com/products/unified-threat-management/astaroorg/f/102/t/69515
Cookie Information Banner