Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 724 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting false positive hit on domain site I am editing (or trying to)

Amodin
Hey all,

I think I am getting a false positive hit on anti-virus on my ASG (8.102) when I attempt to edit a domain site.  I have had the site scanned and has come back clean, and bypassed ASG to edit the site and my local computer AV has not detected anything.  ASG however doesn't like me editing the site (currently hosted at officelive.com, getting ready to move it off of that mess).

Currently, I can only edit the site using their tools built into the site (Microsoft Website Page Editor, appears to be a SharePoint editor).

I get the following block:

While trying to retrieve the URL:  http://.com/WebSitePageEditor/default.aspx
The content is blocked due to the following condition:  The item you have requested is infected by a virus. It will not be downloaded.
Report:  HTML/Rce.Gen

This is while trying to open the Design Site function of SharePoint.


This thread was automatically locked due to age.
Parents
  • 0
    Please post the relevant line(s) from the 'Content Filter (HTTP/S)' log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Please post the relevant line(s) from the 'Content Filter (HTTP/S)' log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    This is what I see appear in the live log, after I've logged in to offlicelive.com and click on the Edit button on one of the webpages: 

    2011:05:22-10:44:28 amodin httpproxy[13194]: id="0056" severity="info" sys="SecureWeb" sub="http" name="web request blocked, virus detected" action="block" method="GET" srcip="192.168.20.114" dstip="65.55.194.97" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5221" time="1140 ms" request="0xec548a90" url="thewildwestwedding.com/.../default.aspx

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

Cookie Information Banner