kaspersky and ufdbguard


kaspersky and ufdbguard

Vacheslav

Peace,

When I configured Kaspersky to use the proxy, I started getting, as an example:

BLOCK -                10.96.0.104     config     https-option  195.122.177.165:443 CONNECT

I have require https hostname. Kaspersky is updating fine.

Does anyone have an idea what Kaspersky is connecting to?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: kaspersky and ufdbguard

Amos Jeffries
Administrator
On 17/05/18 17:45, Vacheslav wrote:

> Peace,
>
> When I configured Kaspersky to use the proxy, I started getting, as an example:
>
> BLOCK -                10.96.0.104     config     https-option 
> 195.122.177.165:443 CONNECT
>
> I have require https hostname. Kaspersky is updating fine.
>
> Does anyone have an idea what Kaspersky is connecting to?
>

That is a custom log format, you have not provided any info about what
each field is. So no, we don't have much of a clue what it means.

Amos

Re: kaspersky and ufdbguard

Vacheslav
I have this:
acl {
   allSystems {
      ### EDIT THE NEXT LINE FOR LOCAL CONFIGURATION:
      pass
           alwaysallow
           # !always-block
           !ms-data-collection
           !adult !security
           !proxies !malware !warez
           !gambling !violence !drugs
           !phishtank !spyware
           chat dating !games religion finance jobs shops sports travel news
           webmail forum socialnet youtube
           !webtv webradio audiovideo
           !ads
           searchengine
           # with "logall on" or "logpass on" it makes sense to have the category "checked" in the ACL.
           any
           # NOTE: ALL categories are part of the ACL for logging purposes.
           # Only when logall is off, one can remove the allowed categories from the ACL.
   }

I don't have a similar config acl.

-----Original Message-----
From: squid-users <[hidden email]> On Behalf Of Amos Jeffries
Sent: Thursday, May 17, 2018 1:56 PM
To: [hidden email]
Subject: Re: [squid-users] kaspersky and ufdbguard


That is a custom log format, you have not provided any info about what each field is. So no, we don't have much of a clue what it means.

Amos

Re: kaspersky and ufdbguard

Marcus Kool
195.122.177.165 is an IP address of Kaspersky (see whois 195.122.177.165).
ufdbguardd blocks this IP address since it is configured to do so which is indicated by 'https-option', most likely because the config has
    option enforce-https-with-hostname on # default is off.

Marcus


On 17/05/18 08:03, Vacheslav wrote:

> I have this:
> acl {
>     allSystems  {
>        ### EDIT THE NEXT LINE FOR LOCAL CONFIGURATION:
>        pass
>   alwaysallow
>   # !always-block
>    !ms-data-collection
>   !adult !security
>    !proxies !malware !warez
>   !gambling !violence !drugs
>          !phishtank !spyware
>   chat dating !games religion  finance jobs shops sports travel news
>   webmail forum socialnet youtube
>             !webtv webradio audiovideo
>   !ads
>             searchengine
>   # with "logall on" or "logpass on" it makes sense to have the category "checked" in the ACL.
>   any
>   # NOTE: ALL categories are part of the ACL for logging purposes.
>   # Only when logall is off, one can remove the allowed categories from the ACL.
>     }
>
> I don't have a similar config acl.
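
Added example, not part of the thread and not ufdbGuard's own code: a small Python triage script that finds log lines like the one quoted above, where a CONNECT to a bare IP address was blocked with `https-option`, and counts them per client and destination. The field order and the names `parse_line`, `literal_ip` and `hostname_less_blocks` are assumptions (the thread does not document the log format), and the sample log is constructed around the line from the thread.

```python
import ipaddress
from collections import Counter

# Assumed field order, read off the line quoted in the thread (not documented there).
FIELDS = ("verdict", "user", "client", "acl", "category", "url", "method")

# Constructed sample built around the thread's log line; other addresses are made up.
SAMPLE_LOG = """\
BLOCK -                10.96.0.104     config     https-option  195.122.177.165:443 CONNECT
BLOCK -                10.96.0.104     config     https-option  195.122.177.165:443 CONNECT
PASS  -                10.96.0.104     allSystems news          www.example.org:443 CONNECT
BLOCK -                10.96.0.77      allSystems ads           http://ads.example.net/banner.js GET
BLOCK -                10.96.0.77      config     https-option  198.51.100.20:443 CONNECT
"""


def parse_line(line):
    """Split one log line into the assumed seven fields, or return None."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None


def literal_ip(target):
    """Return the address if a CONNECT target is ip:port, None for hostname:port."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def hostname_less_blocks(log_text):
    """Count https-option BLOCKs of CONNECTs to bare IPs per (client, destination)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["verdict"] != "BLOCK" or rec["category"] != "https-option":
            continue
        ip = literal_ip(rec["url"]) if rec["method"] == "CONNECT" else None
        if ip is not None:
            hits[(rec["client"], str(ip))] += 1
    return hits


if __name__ == "__main__":
    for (client, dest), n in hostname_less_blocks(SAMPLE_LOG).most_common():
        print(f"{client} -> {dest}: {n} blocked CONNECT(s), identify the owner with whois")
```

Each destination it reports can then be looked up with whois, as done in the reply above, before deciding whether to allow it.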

Re: kaspersky and ufdbguard

Vacheslav
Yeah, all that I know. The million dollar question is: should I continue blocking it?

-----Original Message-----
From: squid-users <[hidden email]> On Behalf Of Marcus Kool
Sent: Thursday, May 17, 2018 3:22 PM
To: [hidden email]
Subject: Re: [squid-users] kaspersky and ufdbguard

195.122.177.165 is an IP address of Kaspersky (see whois 195.122.177.165).
ufdbguardd blocks this IP address since it is configured to do so which is indicated by 'https-option', most likely because the config has
    option enforce-https-with-hostname on # default is off.

Marcus



Re: kaspersky and ufdbguard

Marcus Kool
I do not block my Kaspersky AV.
Do you want the Kaspersky software to contact the servers of Kaspersky?

On 17/05/18 09:30, Vacheslav wrote:

> Yeah, all that I know. The million dollar question is: should I continue blocking it?