Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 10631 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection scannt nicht / sehr selten

Jan Sass

Guten Abend,

 

durch blanken Zufall habe ich gesehen, daß in unserer UTM 9 die Web Protection an ist, als ich diese Datei herunter laden wollte (Das ist ein Tool zum Bildschirm-Spiegeln am Mac):

phyar.cn/vtDisplayHost_v1.1.pkg.zip

Die Web Protection öffnet das Fenster, lädt runter und bietet den Download dann an.

Das passiert sonst bei keiner mir bekannt URL, http (https eh nicht), z.B. hier auch nicht:

http://dl.cdn.chip.de/downloads/3427393/VistaCodecs_v720.exe?cid=54418704&platform=chip&1501178227-1501185727-63350c-B-ced94df681fd3f8e31b948af9e80f9ba.exe

Ich habe alle Forentipps gelesen, weiß, warum es über https nicht geht, aber auch ohne will es nicht. Es ist *nichts* konfiguriert, Werkszustand, also ua auch keine Exceptions..

Hat jemand einen Tipp für mich? Ich hätte das gerne für praktisch alle Dateitypen, die ausführbar sind..

Viele Grüße

Jan



This thread was automatically locked due to age.
  • 0

    Hallo Jan,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    Why do you think those items are not being scanned?  Please show us a line from the Web Filtering log related to one of the two URLs above.  Also, say if Web Filtering is enabled in Transparent mode and if you are scanning HTTPS.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob, 

    vielen Dank und, ich muß gestehen, ich weiß nicht, ob diese gescannt werden.. Ich sehe nur kein Zwischen-Fenster. 

    Logging & Reporting > View Logs > Webfiltering: 

    (Live-Log while clicking on a random chip.de download:)


    2017:07:29-13:10:02 firewall2 httpproxy[6113]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.188.3" dstip="52.27.8.169" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo3 (containing _lowsec-Users)" filteraction="REF_HttCffLowsecuser (_Lowsec-Users)" size="43" request="0xdffcf600" url="www.summerhamster.com/bcn referer="www.chip.de/.../c1_downloads_hs_getfile_v1_16103262.html error="" authtime="0" dnstime="23596" cattime="303" avscantime="54731" fullreqtime="439815" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" exceptions="" category="177" reputation="neutral" categoryname="Content Server" sandbox="-" content-type="image/gif"
    2017:07:29-13:10:02 firewall2 httpproxy[6113]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.188.3" dstip="213.239.204.104" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo3 (containing _lowsec-Users)" filteraction="REF_HttCffLowsecuser (_Lowsec-Users)" size="333" request="0xb608400" url="651f0db2333a007762c58f33e205020767c2cd2c.3.damoh.chip.de/" referer="www.chip.de/.../c1_downloads_hs_getfile_v1_16103262.html error="" authtime="0" dnstime="34703" cattime="232" avscantime="4441" fullreqtime="268683" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" exceptions="" category="175" reputation="neutral" categoryname="Software/Hardware" sandbox="-" content-type="text/plain"
    2017:07:29-13:10:03 firewall2 httpproxy[6113]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.188.3" dstip="213.239.196.162" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo3 (containing _lowsec-Users)" filteraction="REF_HttCffLowsecuser (_Lowsec-Users)" size="70" request="0xd331ea00" url="cfdff1a067612e4fb35b44ad9f353547e12ad2dc.3.damoh.chip.de/" referer="www.chip.de/.../c1_downloads_hs_getfile_v1_16103262.html error="" authtime="0" dnstime="11956" cattime="238" avscantime="4688" fullreqtime="132684" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537
     
    ...also scannt es doch? Nur eben ohne Fenster ? Wann kommt denn das Fenster dann?
     
    Viele Grüße
    Jan
     
  • 0 in reply to Jan Sass

    When I read "Zwischen-Fenster" in your last post, I realized I'd read the first post too quickly and missed the fact that this was your concern.  The download-progress window only pops up when a file will take more than several seconds to load.  All of those items shown in the log were scanned.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Yes they were scanned.  See avscantime="54731"

    If they are not scanned then avscantime="0".

Unfiltered HTML