Today's Threat Status - Question

Ok, so I have the below screenshot in my dashboard.  For example, it says 2 antispyware items blocked.

What's the easiest way to find OUT EXACTLY what items were blocked?  Including the URL and the particular spyware that was blocked.

My gut instinct was to check out the "View Log Files" and when I did view the "Content Filter (HTTP)"  I saw a few log entries like this:


2008:02:20-06:50:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2698" time="2 ms" request="0xad9644b0" url="www.yourspacenow.com/.../happybirthday38.gif" error="" reason="category" category="0930" categoryname="Chat"

2008:02:20-06:50:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2698" time="1 ms" request="0xad9644b0" url="www.yourspacenow.com/.../happybirthday40.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:50:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2698" time="32 ms" request="0xad924788" url="www.yourspacenow.com/.../happybirthday41.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:50:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2698" time="77 ms" request="0xad93bf70" url="www.yourspacenow.com/.../happybirthday39.gif" error="" reason="category" category="0930" categoryname="Chat"


and:


2008:02:20-06:51:08 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="2 ms" request="0xad955ff8" url="www.yourspacenow.com/.../glitterwords41.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="2 ms" request="0xad93bf70" url="www.yourspacenow.com/.../glitterwords43.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="9 ms" request="0xad956718" url="www.yourspacenow.com/.../glitterwords42.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="2 ms" request="0xad93bf70" url="www.yourspacenow.com/.../glitterwords44.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="3 ms" request="0xad956718" url="www.yourspacenow.com/.../glitterwords45.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="3 ms" request="0xad956718" url="www.yourspacenow.com/.../glitterwords46.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="3 ms" request="0xad95a5f0" url="www.yourspacenow.com/.../glitterwords47.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="5 ms" request="0xad93bf70" url="www.yourspacenow.com/.../glitterwords48.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="5 ms" request="0xad956718" url="www.yourspacenow.com/.../glitterwords49.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="1 ms" request="0xad95a5f0" url="www.yourspacenow.com/.../glitterwords50.gif" error="" reason="category" category="0930" categoryname="Chat"



However, those are *.gif files... how can that be adware?  Then I saw this entry, which I'm guessing would be the culprit?

2008:02:20-06:52:44 (none) httpproxy[4163]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request could not be delivered due to an error" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2823" time="64181 ms" request="0xad954e90" url="ad.yieldmanager.com/iframe3





So basically what I'm wondering in detail is, what should I be looking for in the logs?  Obviously not gif files, I'm presuming, but something like that last entry?

Is this the best spot in Astaro to find this info, or is there a section that says EXACTLY "this is the item spyware that was blocked" and the corresponding IP?

Thanks guys!
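
As an added example (not part of the original post and not Astaro's own tooling), the Python below parses the key="value" httpproxy lines quoted above and tallies the action="block" entries by id, name, reason and category name, so category blocks and delivery errors can be separated from anything else that was blocked. The sample lines are copied from the post, including the cut-off last entry; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: three entries copied from the post; the last one is cut off mid-URL.
SAMPLE = '''
2008:02:20-06:50:09 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2698" time="2 ms" request="0xad9644b0" url="www.yourspacenow.com/.../happybirthday38.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:51:08 (none) httpproxy[4163]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2696" time="2 ms" request="0xad955ff8" url="www.yourspacenow.com/.../glitterwords41.gif" error="" reason="category" category="0930" categoryname="Chat"
2008:02:20-06:52:44 (none) httpproxy[4163]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request could not be delivered due to an error" action="block" method="GET" srcip="192.168.1.4" user="" statuscode="502" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2823" time="64181 ms" request="0xad954e90" url="ad.yieldmanager.com/iframe3
'''

# key="value" pair; the closing quote is optional so a cut-off last field still parses.
PAIR = re.compile(r'(\w+)="([^"]*)("?)')
# Leading "timestamp host process[pid]: " part of each line.
HEAD = re.compile(r'^(\S+) \S+ (\w+)\[\d+\]: ')

def parse_line(line):
    """Return a dict of fields, or None if the line is not an httpproxy entry."""
    head = HEAD.match(line)
    if not head or head.group(2) != "httpproxy":
        return None
    fields = {"timestamp": head.group(1), "truncated": False}
    for key, value, close in PAIR.findall(line[head.end():]):
        fields[key] = value
        if not close:  # value ran to end of line without a closing quote
            fields["truncated"] = True
    return fields

def summarize_blocks(text):
    """Count action="block" entries by (id, name, reason, categoryname)."""
    counts, hits = Counter(), {}
    for line in text.splitlines():
        f = parse_line(line.strip())
        if not f or f.get("action") != "block":
            continue
        key = (f.get("id"), f.get("name"), f.get("reason", ""), f.get("categoryname", ""))
        counts[key] += 1
        hits.setdefault(key, []).append((f.get("srcip"), f.get("url"), f["truncated"]))
    return counts, hits

if __name__ == "__main__":
    counts, hits = summarize_blocks(SAMPLE)
    for key, n in counts.most_common():
        print(n, key, hits[key])
```
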

