Advertising on legitimate sites

Sep 9th, 2008

Hi, we have recently installed an S650 in our organisation and are having trouble with certain legitimate websites that use third-party advertising.

One example is www.heraldsun.com.au - because of the advertisement being detected as malware (one of those ads which display over the top of the content, I assume) it throws back a full page block from the WSA.

I have added the URLs to the Custom URL Categories on the WSA but it doesn't help as the ads are usually from places like adserve, etc.

We are at a bit of a loss as to how we can allow our staff to access this newspaper's website.

Any help would be appreciated,

Adam

jowolfer Tue, 09/09/2008 - 16:12

Adam,

Please verify the URLs that are being blocked, via the access logs. One thing that may be causing trouble is that you might be blocking the 'Advertisements' web category. If this is the case, it is recommended that you set the advertisements to 'monitor' instead of block (for this exact reason).

If the advertisements really contain malware, this is correct behavior. If this is an incorrect policy match, we can figure out what is causing the block by looking into the access logs.

What version of the WSA are you running on?

AdamScott_ironport Wed, 09/17/2008 - 05:14

Josh,

Model: S650
Version: 5.5.2-030 for Web

I have looked into the BLOCK and this is the error:

(1, MALWARE_GENERAL, BLOCK-MALWARE, , 0x0011f8cf, 1221623970.890, AAAATAAAAAAAAAAAJP8ACP8AAAA=, http://as.starware.com/dp/search?x=wKX1ILEOi+V4Si9t41cP... extremely long code here)


Advertisements are set to monitor, but naturally malware is set to block.

Is there any way around this short of a custom URL for starware.com?

Thanks

jowolfer Wed, 09/17/2008 - 20:01

This domain "as.starware.com" has hit many of the bad reputation metrics and is currently listed as -6.35.

The only way to get around this would be to lower your WBRS block threshold or create a rule to whitelist the site.

I don't recommend allowing this traffic, since the reputation deems the site untrustworthy. If you lower the block threshold, at least the objects will still be scanned by the anti-malware engines.
