Spyware warning

[gapiro]

FYI.
Our company network has currently blacklisted basschat because a scan showing spyware - we have Cisco scansafe on the connection and that is blocking it. I can't get any more info than that I'm afraid.

[wateroftyne]

Same for our network - also Cisco. Just started happening this morning.

[Norris]

Ditto (and also Cisco). I PMed ped too

[icastle]

I'm guessing you're all using Scansafe as a SaaS service via BT.

I checked the site through a connection with a Juniper on it, and it went straight through.

There's no sign of anything untoward having been added to the site so, in the absence of any further detail, I can only conclude that it's either a false positive, or Scansafe saw an inline advert that it didn't like.

If anyone can get some detail of what Scansafe actually saw, that'd give me a bit more to go on...

[paul_5]

I have no idea what any of the above means, but I'd like to take this opportunity to say a big THANK YOU to all the folks who DO understand it, and keep the forum running.

You're all lovely, lovely people.

[ped]

[quote name='Norris' timestamp='1465562766' post='3069293']
Ditto (and also Cisco). I PMed ped too
[/quote]

Norris helpfully sent me some detail by PM if it's any help:

"[color=#282828][font=helvetica, arial, sans-serif]From what little information I have, the alert seems to have come from the Cisco WBRS reputation system. The site is classed as "Streaming Audio" and has been identified as containing malware."[/font][/color]

[hubrad]

Not on here, but I had something similar on coffeforums.co.uk a while back , whereby objections seemed to be connected to the moving banner at the top of the page. Currently on this page they're showing Rotosound and Elixir.
I have no idea of the technicalities of these things!

[Norris]

I assume it must be related to an advert. No BC content strikes me as the sort of stuff that could be a vector for malware unless the server has been compromised. The scanner must have picked up something delivered by an ad server. I'm sure that Cisco have a procedure for investigating and removing the alert. Hopefully they should be able to tell you the specific content that triggered it.

Btw, I'm a programmer but have a background in computer ops & engineering. In the dim & distant past though, hence the slight vagueness

[ped]

[quote name='hubrad' timestamp='1465577306' post='3069433']
Not on here, but I had something similar on coffeforums.co.uk a while back , whereby objections seemed to be connected to the moving banner at the top of the page. Currently on this page they're showing Rotosound and Elixir.
I have no idea of the technicalities of these things!
[/quote]

Aha. Elixir updated their banner a few days ago. Perhaps that's causing issues. I'll speak to them if it continues being a problem

Thanks guys

[icastle]

Well, looking at how WBRS works, Basschat itself should pass WBRS without a problem.

I'm guessing it saw an inline advert it wasn't keen on and blocked the site automatically.

As it's a cloud based service, anyone using the standard setup of ScanSafe will see the site as blocked.

The way round it is to get one of the IT Admins to whitelist the site, nothing we can do from this end as far as I can see.

[Norris]

Just checked again - still blocked

Edit: and it's unlikely to be whitelisted by my employer.

Edited June 14, 2016 by Norris

[ped]

I've spoken to Elixir about the banner as I think it's the code there which is triggering it. Should hear back soon, will keep you posted.

Sorry about this

[ped]

Still having the same probs guys?

[wateroftyne]

I was yesterday - I'm out of the office 'till Tuesday so I'll check then :-)

[wateroftyne]

Still happening to me... Reputation - viruses

[icastle]

It will.

Once the site ends up on the database it can only be removed by your network admin.

[wateroftyne]

[quote name='icastle' timestamp='1466523521' post='3076480']
It will.

Once the site ends up on the database it can only be removed by your network admin.
[/quote]

Will it not update when the config file from Cisco is refreshed?

[icastle]

Possibly, I'm not a ScanSafe subscriber.

I get the impression that once the site is on the list, it needs a subscriber to manually remove it or else every scammer and his dog could just take their names off when they get blocked.

[Norris]

I've just had a look at the Cisco web site. There is a page that allows you to look up websites and email addresses. BC is still rated as "Poor". Investigating a bit further I found a section that said you need to raise a support ticket with Cisco if you want them to re-evaluate if you are confident that the site does not contain any malicious content.

In other words it will remain blocked until someone starts a dialogue with Cisco to get it resolved

[icastle]

I've been poor for years.

I'll take a look and see if I can get us reclassified.

I'm 99% certain that it was a false positive anyway, so an in depth check wouldn't harm...

[nige1968]

Maybe it's the ad for Asian girls

[wateroftyne]

...and we're back :-)

[icastle]

[quote name='wateroftyne' timestamp='1466674961' post='3077742']
...and we're back :-)
[/quote]

Yep - Cisco were nice and rushed it through for us as they agreed it was a false positive.

[Dad3353]

[sharedmedia=core:attachments:167486]

[wateroftyne]

Although, randomly, since it came back I've stopped getting email notifications for PMs and replies.

I guess it can only be a coincidence, and it's probably just me, but... anyone else noticed the same?