I wanted to buy a CD from discogs.com. For some reason, sending messages and buying a CD from the shopping cart failed. I traced it to the UTM, which was blocking certain pages on their website as malicious. Most of the website seems to be fine.
Here is a sample URL that is blocked: http://static.discogs.com/dst/discogs.min.js?asdfasdf (the "asdfasdf" is my replacement, but it gives the same error.)
Here is the error from the log: 2015:12:31-15:38:24 utm httpproxy[6386]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="10.0.x.x" dstip="" user="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3327" request="0xc8f8a000" url="static.discogs.com/.../discogs.min.js referer="" error="" authtime="0" dnstime="0" cattime="119" avscantime="0" fullreqtime="687" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9" exceptions="" reason="reputation" category="204" reputation="malicious" categoryname="Malicious Downloads"
Here are my questions:
1. How can I determine WHY the UTM reports just a few pages on this website as malware?
2. How can I determine whether it is a routine error or genuinely malware? (I suspect the former.)
3. Some months ago, I located the non-Sophos source that determines reputation limit, etc. It took a lot of research, and I cannot replicate what I did. Who runs the website that provides the "reputation limit" and malware determinations? (I vaguely recall McAfee, but I could be wrong.) Where is the "take me off your reputation limit" page request form for that company?
This thread was automatically locked due to age.
