My Ironport blocks the access to a site, saying;
Threat Type: Othermalware
Threat Reason: IP address is either verified as a bot or has misconfigured DNS.
These are two pretty different reasons to block a site! If it's just a misconfigured DNS I might allow the site anyway, if it's a verified bot-net I want to deny it. How on earth do I find out more about the reason why this URL has been categorized like this?? I have used the site lookup tool, all it says is "reputation poor", no details.
My name is Tery and I am a WSA Support Engineer. I will be happy to answer your questions.
If you will like to find out more about the site you can go to senderbase.org
Click on lookup.
For more information about the site click on the detail link.
Hope this information helps!
Thanks for the reply. I have already been to the senderbase.org site, all it says is reputation "poor". There's no possible way to investigate the site, byggeregler.be.no, further. With an URL-filter forensics should be one of the basics? The threat reason, "IP address is either verified as a bot or has misconfigured DNS", leaves a lot to be desired. Who can I contact to find out the exact reason? What dns tools can I use to verify if it's a DNS problem?
To investigate the site further you will have to open a case with WSA support team or you can give us a call
Toll-Free 1-877-641-IRON (4766) for International: www.ironport.com/support/contact_support.html
Have a great day!
Tery Le Febvere