Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 2 subscribers
  • Views 4590 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

help understanding logs of waf

lior me

i have some repeated logging of error in the waf

i have 2 exchange servers in dag

i'm having outlooks randomly prompting for passwords every some time. it can happen 1-2 times a day or after 2 days

i'm not sure, but i think it only happens on outlook 2016, not a 100 percent sure about that

my waf is setup using a step by step guide and my sophos utm works in HA pair - 2 nodes

here are the logs from the waf

 

see highlighted parts, those are the ones that maybe causing my problem but i'm not sure what to look for

the highlights just keeps coming back. i'm not sure it's related to my problem but maybe it'll tell you something

7:06:27-19:24:45 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 3962833776] [client 84.109.126.68:53597] [14788] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="84.109.126.68" localip="192.168.4.170" size="1" user="-" host="84.109.126.68" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="70513345" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=4ebd0725-ddfd-4ba7-864a-68bd37c93403@smiling.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6uA8AAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjq+zVgjd73UCA==;MapiSequence=226-AI+HIA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=4ebd0725-ddfd-4ba7-864a-68bd37c93403=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc7HxcvN" set-cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6uA8AAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=4ebd0725-ddfd-4
2017:06:27-19:24:45 mailgw-1 httpd: ba7-864a-68bd37c93403=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3Mxc3J; expires=Thu, 27-Jul-2017 16:23:26 GMT; path=/mapi; secure; HttpOnly" uid="WVKGhsCoBKoAADnEuksAAACq"
2017:06:27-19:24:45 mailgw-1 httpd[12959]: [security2:error] [pid 12959:tid 4105509744] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADKfFLUAAALx"]
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="62.219.52.4" localip="192.168.4.170" size="136" user="-" host="62.219.52.4" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="10192" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=47d73927-0317-4e30-ac53-f403769f7c30@memail.co.il" referer="-" cookie="FGTServer=2933AC813475A284B0ED0905E35724EAC5A29081085A95E5C939A839C2F3181FE55962E6D9BB3E24E385F8807AF9C5FBAD80;MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjoQ+hm3eL3UCA==;MapiSequence=1846-xh0MZA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczJ" set-cookie="MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJi
2017:06:27-19:24:45 mailgw-1 httpd: YzQ2OGQwYWZlZjoQ+hm3eL3UCA==; path=/mapi/; secure; HttpOnly, MapiSequence=1847-NurgUQ==; path=/mapi/emsmdb; secure; HttpOnly, MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczJ; expires=Thu, 27-Jul-2017 16:24:36 GMT; path=/mapi; secure; HttpOnly" uid="WVKGzcCoBKoAADKfFLUAAALx"
2017:06:27-19:24:45 mailgw-1 httpd[14788]: [security2:error] [pid 14788:tid 3920870256] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADnEusYAAACv"]
2017:06:27-19:24:45 mailgw-1 httpd[12959]: [security2:error] [pid 12959:tid 4105509744] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADKfFLYAAALx"]
2017:06:27-19:24:45 mailgw-1 httpd[14788]: [security2:error] [pid 14788:tid 3719445360] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADnEuscAAADH"]
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="62.219.52.4" localip="192.168.4.170" size="127" user="-" host="62.219.52.4" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="47200" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=47d73927-0317-4e30-ac53-f403769f7c30@memail.co.il" referer="-" cookie="FGTServer=2933AC813475A284B0ED0905E35724EAC5A29081085A95E5C939A839C2F3181FE55962E6D9BB3E24E385F8807AF9C5FBAD80;MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjoQ+hm3eL3UCA==;MapiSequence=1847-NurgUQ==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczJ" set-cookie="MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJi
2017:06:27-19:24:45 mailgw-1 httpd: YzQ2OGQwYWZlZjoQ+hm3eL3UCA==; path=/mapi/; secure; HttpOnly, MapiSequence=1848-IapZdA==; path=/mapi/emsmdb; secure; HttpOnly, MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczJ; expires=Thu, 27-Jul-2017 16:24:36 GMT; path=/mapi; secure; HttpOnly" uid="WVKGzcCoBKoAADKfFLYAAALx"
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="62.219.52.4" localip="192.168.4.170" size="0" user="-" host="62.219.52.4" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="13141" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=47d73927-0317-4e30-ac53-f403769f7c30@memail.co.il" referer="-" cookie="FGTServer=2933AC813475A284B0ED0905E35724EAC5A29081085A95E5C939A839C2F3181FE55962E6D9BB3E24E385F8807AF9C5FBAD80;MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjoQ+hm3eL3UCA==;MapiSequence=1845-Fdqzeg==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczK" set-cookie="-" uid="WVKGzcCoBKoAADnEuscAAADH"
2017:06:27-19:24:45 mailgw-1 httpd[12959]: [security2:error] [pid 12959:tid 4105509744] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADKfFLcAAALx"]
2017:06:27-19:24:45 mailgw-1 httpd[14788]: [security2:error] [pid 14788:tid 3719445360] [client 62.219.52.4] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzcCoBKoAADnEusgAAADH"]
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="62.219.52.4" localip="192.168.4.170" size="132" user="-" host="62.219.52.4" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="48695" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=47d73927-0317-4e30-ac53-f403769f7c30@memail.co.il" referer="-" cookie="FGTServer=2933AC813475A284B0ED0905E35724EAC5A29081085A95E5C939A839C2F3181FE55962E6D9BB3E24E385F8807AF9C5FBAD80;MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjoQ+hm3eL3UCA==;MapiSequence=1848-IapZdA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczJ" set-cookie="MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJi
2017:06:27-19:24:45 mailgw-1 httpd: YzQ2OGQwYWZlZjoQ+hm3eL3UCA==; path=/mapi/; secure; HttpOnly, MapiSequence=1849-WWYqFw==; path=/mapi/emsmdb; secure; HttpOnly, MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vB6gAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=47d73927-0317-4e30-ac53-f403769f7c30=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczI; expires=Thu, 27-Jul-2017 16:24:37 GMT; path=/mapi; secure; HttpOnly" uid="WVKGzcCoBKoAADKfFLcAAALx"
2017:06:27-19:24:45 mailgw-1 httpd: id="0299" srcip="80.246.138.93" localip="192.168.4.170" size="39" user="-" host="80.246.138.93" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="4972658" url="/Microsoft-Server-ActiveSync" server="" port="443" query="?User=yehuda@memail.co.il&DeviceId=MFCUTOK3P96K7C0PBHT1TS65QC&DeviceType=iPhone&Cmd=Ping" referer="-" cookie="X-BackEndCookie=S-1-5-21-582345077-1407340405-3619269525-1230=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3Lxc7J; ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2" set-cookie="X-BackEndCookie=S-1-5-21-582345077-1407340405-3619269525-1230=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3LxczI; expires=Thu, 27-Jul-2017 16:24:37 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly" uid="WVKGyMCoBKoAADiqtkwAAAAk"
2017:06:27-19:24:46 mailgw-1 httpd[14506]: [security2:error] [pid 14506:tid 4038368112] [client 212.68.157.169] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzsCoBKoAADiqtlIAAAAL"]
2017:06:27-19:24:46 mailgw-1 httpd: id="0299" srcip="212.68.157.169" localip="192.168.4.170" size="0" user="-" host="212.68.157.169" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="12759" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=1baa0268-1484-4c3c-b605-89a7821fe796@memail.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6td6QAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjpLlja3eL3UCA==;MapiSequence=496-nj0VMA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=1baa0268-1484-4c3c-b605-89a7821fe796=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3MxczK" set-cookie="-" uid="WVKGzsCoBKoAADiqtlIAAAAL"
2017:06:27-19:24:46 mailgw-1 httpd[14506]: [security2:error] [pid 14506:tid 4038368112] [client 212.68.157.169] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKGzsCoBKoAADiqtlMAAAAL"]
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 3979619184] [client 212.68.157.169:38280] [14788] sending trickle failed: 103
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:warn] [pid 14788:tid 3979619184] [client 212.68.157.169:38280] [14788] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 3979619184] [client 212.68.157.169:38280] [14788] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:47 mailgw-1 httpd: id="0299" srcip="212.68.157.169" localip="192.168.4.170" size="1" user="-" host="212.68.157.169" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="62001379" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=1baa0268-1484-4c3c-b605-89a7821fe796@memail.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6td6QAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjpLlja3eL3UCA==;MapiSequence=496-nj0VMA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=1baa0268-1484-4c3c-b605-89a7821fe796=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3MxczK" set-cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6td6QAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=1baa0268-1484-
2017:06:27-19:24:47 mailgw-1 httpd: 4c3c-b605-89a7821fe796=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3MxczJ; expires=Thu, 27-Jul-2017 16:23:36 GMT; path=/mapi; secure; HttpOnly" uid="WVKGkcCoBKoAADnEulgAAACo"
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 4130687856] [client 82.80.145.245:61013] [14506] sending trickle failed: 103
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 3761408880] [client 62.219.134.241:63310] [14506] sending trickle failed: 103
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:warn] [pid 14506:tid 4130687856] [client 82.80.145.245:61013] [14506] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:warn] [pid 14506:tid 3761408880] [client 62.219.134.241:63310] [14506] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 4046760816] [client 141.226.181.114:42556] [14788] sending trickle failed: 103
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:warn] [pid 14788:tid 4046760816] [client 141.226.181.114:42556] [14788] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 4130687856] [client 82.80.145.245:61013] [14506] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:47 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 3761408880] [client 62.219.134.241:63310] [14506] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:47 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 4046760816] [client 141.226.181.114:42556] [14788] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:47 mailgw-1 httpd: id="0299" srcip="82.80.145.245" localip="192.168.4.170" size="2" user="-" host="82.80.145.245" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="143077311" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=cf7ac625-fe94-4ebf-951b-5e958b41f30d@camisa.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vb9AAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjq6BdOIeL3UCA==;MapiSequence=11-SRFUBA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=cf7ac625-fe94-4ebf-951b-5e958b41f30d=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3Oxc7K" set-cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6vb9AAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=cf7ac625-fe94-4e
2017:06:27-19:24:47 mailgw-1 httpd: bf-951b-5e958b41f30d=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3Nxc7K; expires=Thu, 27-Jul-2017 16:22:15 GMT; path=/mapi; secure; HttpOnly" uid="WVKGQMCoBKoAADiqtV8AAAAA"
2017:06:27-19:24:47 mailgw-1 httpd: id="0299" srcip="62.219.134.241" localip="192.168.4.170" size="1" user="-" host="62.219.134.241" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="71221787" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=54901a6d-97ad-4602-8fa9-6100a6b87bfc@camisa.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6sT8QAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjqJ0cmKd73UCA==;MapiSequence=353-O34NOQ==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=54901a6d-97ad-4602-8fa9-6100a6b87bfc=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3Nxc3M" set-cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6sT8QAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=54901a6d-97ad-
2017:06:27-19:24:47 mailgw-1 httpd: 4602-8fa9-6100a6b87bfc=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3Mxc3I; expires=Thu, 27-Jul-2017 16:23:27 GMT; path=/mapi; secure; HttpOnly" uid="WVKGiMCoBKoAADiqtfEAAAAs"
2017:06:27-19:24:47 mailgw-1 httpd: id="0299" srcip="141.226.181.114" localip="192.168.4.170" size="1" user="-" host="141.226.181.114" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="70672851" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=9dcf64dc-3fd9-4550-b46e-d32f9f3fcc4b@shefafood.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6ty8wAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjrKRaLpd73UCA==;MapiSequence=149-sDFDXQ==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node2;X-BackEndCookie=9dcf64dc-3fd9-4550-b46e-d32f9f3fcc4b=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3Nxc/P" set-cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6ty8wAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=9dcf64dc-
2017:06:27-19:24:47 mailgw-1 httpd: 3fd9-4550-b46e-d32f9f3fcc4b=u56Lnp2ejJqBx56axsaey5rSmc6Zz9LLysnP0seays/Sy5zMzprKz53Nz53KgYHNz87I0s/I0s3Iq87Jxc3Mxc3H; expires=Thu, 27-Jul-2017 16:23:28 GMT; path=/mapi; secure; HttpOnly" uid="WVKGiMCoBKoAADnEuk0AAACg"
2017:06:27-19:24:48 mailgw-1 httpd[14788]: [security2:error] [pid 14788:tid 3769801584] [client 62.90.54.144] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKG0MCoBKoAADnEuskAAADB"]
2017:06:27-19:24:48 mailgw-1 httpd: id="0299" srcip="62.90.54.144" localip="192.168.4.170" size="0" user="-" host="62.90.54.144" method="POST" statuscode="401" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="15545" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=cf7ac625-fe94-4ebf-951b-5e958b41f30d@camisa.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6sG7wAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjr4yuDeeL3UCA==;MapiSequence=211-nmFwSA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node1;X-BackEndCookie=cf7ac625-fe94-4ebf-951b-5e958b41f30d=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3MxczG" set-cookie="-" uid="WVKG0MCoBKoAADnEuskAAADB"
2017:06:27-19:24:48 mailgw-1 httpd[14788]: [security2:error] [pid 14788:tid 3769801584] [client 62.90.54.144] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname ""] [uri "/mapi/emsmdb/"] [unique_id "WVKG0MCoBKoAADnEusoAAADB"]
2017:06:27-19:24:48 mailgw-1 httpd: id="0299" srcip="62.90.54.144" localip="192.168.4.170" size="112" user="-" host="62.90.54.144" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipAntiVirus, SkipURLHardening, SkipFormHardening, SkipCookieSigning, SkipThreatsFilter" time="48323" url="/mapi/emsmdb/" server="" port="443" query="?MailboxId=cf7ac625-fe94-4ebf-951b-5e958b41f30d@camisa.co.il" referer="-" cookie="MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6sG7wAAAAAAAA==;MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjr4yuDeeL3UCA==;MapiSequence=211-nmFwSA==;ROUTEID.0e9f56dedc1c6a43ee0c263a6d1b336b=.node1;X-BackEndCookie=cf7ac625-fe94-4ebf-951b-5e958b41f30d=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3MxczG" set-cookie="MapiRouting=UlVNOjkwMjM5OTVjLTk2N2QtNGUxNS04MjVkLWJiYzQ2OGQwYWZlZjr4yuDeeL3UCA==; path=/mapi/; secure; HttpOnly, MapiSequence=212-5VPlMg==; path=/mapi/emsmdb; sec
2017:06:27-19:24:48 mailgw-1 httpd: ure; HttpOnly, MapiContext=MAPIAAAAAOGg58qP1+fW9cf3xvHc7Nr3xv7e7tft2e3X5N2HpJamkaibqp+qn6sG7wAAAAAAAA==; path=/mapi/emsmdb; secure; HttpOnly, X-BackEndCookie=cf7ac625-fe94-4ebf-951b-5e958b41f30d=u56Lnp2ejJqBzMzLzp6am57SmpydzdLLzMrH0p3Nz5vSzMqeyJvHnM/IzMfHgYHNz87I0s/I0s3Iq87Jxc3LxcvP; expires=Thu, 27-Jul-2017 16:24:40 GMT; path=/mapi; secure; HttpOnly" uid="WVKG0MCoBKoAADnEusoAAADB"
2017:06:27-19:24:49 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 4071938928] [client 5.29.8.139:57171] [14788] sending trickle failed: 103
2017:06:27-19:24:49 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 4088724336] [client 5.29.8.139:57170] [14506] sending trickle failed: 103
2017:06:27-19:24:49 mailgw-1 httpd[14788]: [avscan:warn] [pid 14788:tid 4071938928] [client 5.29.8.139:57171] [14788] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:49 mailgw-1 httpd[14506]: [avscan:warn] [pid 14506:tid 4088724336] [client 5.29.8.139:57170] [14506] client requesting /mapi/emsmdb/ has disconnected
2017:06:27-19:24:49 mailgw-1 httpd[14506]: [avscan:error] [pid 14506:tid 4088724336] [client 5.29.8.139:57170] [14506] mod_avscan_check_file_single_part() called with parameter filename=NULL
2017:06:27-19:24:49 mailgw-1 httpd[14788]: [avscan:error] [pid 14788:tid 4071938928] [client 5.29.8.139:57171] [14788] mod_avscan_check_file_single_part() called with parameter filename=NULL



This thread was automatically locked due to age.
Unfiltered HTML